FireWall.net - Guide to install & configure a PC FireWall
 Understanding What Is Happening?
Author: Geoff (207.225.237.---)
Date:   05-10-01 18:54

Hi!

Fairly new to the firewall thing. I installed one to just test and I'm getting quite a bit of messages that I am not entirely understanding:

2001/05/10 9:22:52 AM GMT -0800: SMC EZ Card 10/10..[0001][Ref# 3] Blocking incoming ICMP: src=24.114.38.162, dst=255.255.255.255, type 8.

These have been coming in for at least 3 hours now. About one every 10 seconds. It seems to be a DoS type of attack, although a bit slow. But, I do not entirely understand the destination address of 255.255.255.255. I believe this is a general broadcast address.

Any help in pointing me to where I can learn a bit more about this and possibly what I can do (at a router level) to prevent it.

Thanks

Geoff

 Re: Understanding What Is Happening?
Author: trent (24.71.67.---)
Date:   06-04-01 19:48

This is an old fashioned DoS attack called smurf.
You are not the intended victim, someone is trying to use your machine to do their dirty work. They cannot gain access to your machine with these packets.

Someone is creating ECHO REQUEST (ping) packets that say they are from the machine they are trying to DoS and trying to send them to ALL of the internet. Any machines that don't block this type of attack and aren't behind a router or gateway that does will send an ICMP ECHO REPLY packet to the src= machine. This will overload their internet connection and block out traffic to their website or drop them out of Everquest/Quake/Counterstrike etc. If it goes on for a long time they are probably DoSing a big server. If the duration is short (30s-5min) they are probably trying to drop someone out of a game.

The person at the src= address is the victim; do not complain to their ISP. You might be able to trace the packets back to the perpetrator IF you have a packet sniffer AND the perpetrator is within 9 hops of you. Sometimes ping programs will set a flag that makes the machines along the route store their address in the packet header. You can capture the header with a packet sniffer/IDS such as snort (snort.org).

If the log above is from your router, you're already blocking it. If not, configure your router to block all broadcast ICMP TYPE=8. It's also a good idea to configure the router to block any packets leaving your LAN that have a SRC not on your LAN (unless one of your machines is redirecting).
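
The pattern trent describes (ICMP type 8 sent to a broadcast address, with the src= field naming the real victim) can be picked out of the firewall's own log with a few lines of code. The following is an added example, not code from the original thread or from the firewall vendor: it parses lines in the format Geoff quoted, flags echo requests aimed at the limited broadcast address 255.255.255.255 or at the LAN's directed broadcast address, tallies how often each spoofed source (the victim) appears, and includes the egress check trent recommends (a packet leaving the LAN whose source is not a LAN address). The regular expression, the LAN prefix 192.168.1.0/24 and all log lines other than the one quoted above are constructed for the example.

```python
import ipaddress
import re
from collections import Counter

# Hypothetical parser for the log format quoted in the thread (assumption: the
# "Blocking incoming ICMP: src=..., dst=..., type N" fragment is stable).
LOG_RE = re.compile(
    r"Blocking incoming ICMP: src=(?P<src>[\d.]+), dst=(?P<dst>[\d.]+), type (?P<type>\d+)"
)

ICMP_ECHO_REQUEST = 8                                  # ICMP type 8 = echo request (ping)
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")
LAN = ipaddress.ip_network("192.168.1.0/24")           # constructed LAN prefix for the example

# Constructed sample log; the first line is the one quoted in the thread, the
# rest use documentation address ranges (RFC 5737).
SAMPLE_LOG = [
    "2001/05/10 9:22:52 AM GMT -0800: SMC EZ Card 10/10..[0001][Ref# 3] Blocking incoming ICMP: src=24.114.38.162, dst=255.255.255.255, type 8.",
    "2001/05/10 9:23:02 AM GMT -0800: SMC EZ Card 10/10..[0001][Ref# 4] Blocking incoming ICMP: src=24.114.38.162, dst=255.255.255.255, type 8.",
    "2001/05/10 9:23:05 AM GMT -0800: SMC EZ Card 10/10..[0001][Ref# 5] Blocking incoming ICMP: src=198.51.100.7, dst=192.168.1.10, type 8.",
    "2001/05/10 9:23:09 AM GMT -0800: SMC EZ Card 10/10..[0001][Ref# 6] Blocking incoming ICMP: src=192.0.2.44, dst=192.168.1.255, type 8.",
    "2001/05/10 9:23:12 AM GMT -0800: SMC EZ Card 10/10..[0001][Ref# 7] Blocking incoming ICMP: src=203.0.113.9, dst=192.168.1.10, type 0.",
]


def parse_line(line):
    """Return {'src', 'dst', 'type'} for a blocked-ICMP log line, or None if it doesn't match."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return {
        "src": ipaddress.ip_address(m["src"]),
        "dst": ipaddress.ip_address(m["dst"]),
        "type": int(m["type"]),
    }


def is_broadcast(addr, lan):
    """True for the limited broadcast address or the LAN's directed broadcast address."""
    return addr == LIMITED_BROADCAST or addr == lan.broadcast_address


def is_smurf_probe(rec, lan):
    """Echo request to a broadcast address: the smurf amplification pattern trent describes."""
    return rec["type"] == ICMP_ECHO_REQUEST and is_broadcast(rec["dst"], lan)


def is_spoofed_egress(src, lan):
    """Egress filter rule: a packet leaving the LAN must carry a LAN source address."""
    return src not in lan


def smurf_victims(lines, lan):
    """Count smurf probes per spoofed source; each key is the address being attacked, not the attacker."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is not None and is_smurf_probe(rec, lan):
            counts[str(rec["src"])] += 1
    return counts


if __name__ == "__main__":
    for victim, n in smurf_victims(SAMPLE_LOG, LAN).items():
        print(f"{victim}: {n} broadcast echo request(s) -> likely smurf victim, do not report to their ISP")
```

Run over the sample, only the two lines aimed at 255.255.255.255 and the one aimed at 192.168.1.255 count as smurf probes; the unicast echo request and the echo reply (type 0) are ignored. Because the firewall is already dropping these, the counter is a reporting aid rather than a block rule, and the victim address is the one to watch, not to complain about.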
