icmp flooding, distributed ddos?
Jeff Kinz
jkinz at kinz.org
Thu Sep 4 18:57:06 EDT 2003
On Thu, Sep 04, 2003 at 03:13:48PM -0400, Johannes Ullrich wrote:
> On Thu, 2003-09-04 at 14:41, Jeff Kinz wrote:
> > Anyone seeing signs of a distributed icmp dos?
>
> maybe you are seeing Nachia/Welchia traffic?
That's it, seems to be mostly from the Welchia, assuming
the 92 byte icmp packets are somewhat unique to Welchia.
Thanks to everyone for the pointer(s).
>
> hope this is not too 'commercial' for the list. But I will
> be giving a (free) talk about this on the 17th ;-)
> as part of the Boston SANS conference:
> http://www.sans.org/newengland03/special.php
Hey! Want some log files to analyze? :-)
--
Jeff Kinz, Open-PC, Emergent Research, Hudson, MA. jkinz at kinz.org
copyright 2003. Use is restricted. Any use is an
acceptance of the offer at http://www.kinz.org/policy.html.
Don't forget to change your password often.
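
One way to check a firewall log for the 92-byte ICMP pattern mentioned in the reply above; this is an added example, not part of the original message. It assumes netfilter LOG-style lines, that "92 byte" means the IP total length (LEN=92), and that the packets are echo requests (TYPE=8); the sample lines, function names and threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed netfilter-style LOG lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
Sep  4 14:40:01 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=92 TTL=118 ID=4021 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=1
Sep  4 14:40:01 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.11 LEN=92 TTL=118 ID=4022 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=2
Sep  4 14:40:02 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.12 LEN=92 TTL=118 ID=4023 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=3
Sep  4 14:40:02 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=92 TTL=120 ID=77 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=9
Sep  4 14:40:03 fw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=84 TTL=57 ID=900 PROTO=ICMP TYPE=8 CODE=0 ID=3301 SEQ=1
Sep  4 14:40:03 fw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=92 TTL=57 ID=901 PROTO=ICMP TYPE=0 CODE=0 ID=3301 SEQ=2
Sep  4 14:40:04 fw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=92 TTL=57 ID=902 PROTO=TCP SPT=4444 DPT=80
"""

FIELD = re.compile(r"(\w+)=(\S*)")


def parse(line):
    """Return KEY=value fields of one LOG line, keeping the first of any repeated key."""
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)  # the IP header ID precedes the ICMP ID
    return fields


def suspects(log_text, size=92, min_hits=3):
    """Map source IP -> (packets, distinct destinations) for echo requests of `size` bytes.

    Assumption: `size` is the IP total length. A source hitting many distinct
    destinations looks like a sweep; many sources on one destination looks like a flood.
    """
    hits = defaultdict(int)
    dests = defaultdict(set)
    for line in log_text.splitlines():
        f = parse(line)
        if f.get("PROTO") != "ICMP" or f.get("TYPE") != "8":
            continue  # only ICMP echo requests
        if f.get("LEN") != str(size) or "SRC" not in f or "DST" not in f:
            continue
        hits[f["SRC"]] += 1
        dests[f["SRC"]].add(f["DST"])
    return {s: (n, len(dests[s])) for s, n in hits.items() if n >= min_hits}


if __name__ == "__main__":
    for src, (count, fanout) in sorted(suspects(SAMPLE_LOG).items()):
        print(f"{src}: {count} echo requests of 92 bytes to {fanout} destinations")
```

Packet size alone is a weak signal, so the per-source destination count is reported alongside it to help separate a scanning host from ordinary ping traffic.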