Date:      Mon, 3 May 2004 20:33:22 -0400
From:      "Matt Gostick" <matt@crazylogic.net>
To:        <freebsd-security@freebsd.org>
Subject:   scheduled pings
Message-ID:  <001001c4316f$6ab193d0$cb01a8c0@haklot>

Hello,
 
I have just set up some ipfw rules to check out some traffic to one of my
boxes.  I have three servers, only one of which has weird traffic.  It
is getting ping'd on a five-minute interval from approx. 3 to 8 different
IP addresses within the same second.  For example:
 
May  3 20:20:03 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 202.160.241.130 xxx.xxx.xxx.xxx in via dc0
May  3 20:20:13 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 202.160.241.130 xxx.xxx.xxx.xxx in via dc0
May  3 20:25:03 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 64.35.7.130 xxx.xxx.xxx.xxx in via dc0
May  3 20:25:03 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 212.162.1.194 xxx.xxx.xxx.xxx in via dc0
May  3 20:25:03 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 216.74.133.194 xxx.xxx.xxx.xxx in via dc0
May  3 20:25:03 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 63.218.7.130 xxx.xxx.xxx.xxx in via dc0
May  3 20:25:03 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 166.90.213.130 xxx.xxx.xxx.xxx in via dc0
May  3 20:25:04 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 205.158.108.194 xxx.xxx.xxx.xxx in via dc0
May  3 20:25:13 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 64.35.7.130 xxx.xxx.xxx.xxx in via dc0
May  3 20:25:13 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 212.162.1.194 xxx.xxx.xxx.xxx in via dc0
May  3 20:25:13 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 216.74.133.194 xxx.xxx.xxx.xxx in via dc0
May  3 20:25:13 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 63.218.7.130 xxx.xxx.xxx.xxx in via dc0
May  3 20:25:13 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 166.90.213.130 xxx.xxx.xxx.xxx in via dc0
May  3 20:25:14 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 205.158.108.194 xxx.xxx.xxx.xxx in via dc0
 
I've just started denying pings to the box...
 
What is this?
 
Matt Gostick <matt@crazylogic.net>
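
Added example, not part of the original message: one way to summarise ipfw deny lines like those above, grouping denied ICMP echo requests into bursts and reporting the distinct sources per burst and the spacing between bursts. The year (taken from the message's Date header, since syslog omits it), the 5-second burst window and the function names are assumptions of this sketch.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: subset of the log lines in the message, unwrapped, destination masked as posted.
SAMPLE = """\
May  3 20:20:03 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 202.160.241.130 xxx.xxx.xxx.xxx in via dc0
May  3 20:20:13 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 202.160.241.130 xxx.xxx.xxx.xxx in via dc0
May  3 20:25:03 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 64.35.7.130 xxx.xxx.xxx.xxx in via dc0
May  3 20:25:04 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 205.158.108.194 xxx.xxx.xxx.xxx in via dc0
May  3 20:25:13 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 64.35.7.130 xxx.xxx.xxx.xxx in via dc0
May  3 20:25:14 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 205.158.108.194 xxx.xxx.xxx.xxx in via dc0
"""

LINE = re.compile(
    r"^(\w{3})\s+(\d+)\s+(\d\d:\d\d:\d\d)\s+\S+\s+kernel:\s+ipfw:\s+\d+\s+Deny\s+"
    r"ICMP:(\d+)\.(\d+)\s+(\S+)\s+\S+\s+in\s+via\s+\S+$")

def parse(text, year=2004):
    """Return sorted (timestamp, source) pairs for denied ICMP echo requests (type 8, code 0)."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m and (m.group(4), m.group(5)) == ("8", "0"):
            stamp = f"{m.group(1)} {m.group(2)} {m.group(3)} {year}"  # syslog omits the year
            events.append((datetime.strptime(stamp, "%b %d %H:%M:%S %Y"), m.group(6)))
    return sorted(events)

def bursts(events, window=timedelta(seconds=5)):
    """Split events into bursts; a gap longer than `window` starts a new burst."""
    out, last = [], None
    for ts, src in events:
        if last is None or ts - last > window:
            out.append({"start": ts, "sources": set()})
        out[-1]["sources"].add(src)
        last = ts
    return out

def summarize(text):
    """Return (start time, distinct sources, seconds since previous burst) per burst."""
    rows, prev = [], None
    for b in bursts(parse(text)):
        gap = None if prev is None else int((b["start"] - prev).total_seconds())
        rows.append((b["start"].strftime("%H:%M:%S"), len(b["sources"]), gap))
        prev = b["start"]
    return rows

if __name__ == "__main__":
    print(*summarize(SAMPLE), sep="\n")
```

On the sample, the summary shows each burst repeating 10 seconds later and the pairs of bursts recurring 290 seconds apart, which is the five-minute schedule described in the message.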
 


