Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: InfoSec Handlers Diary Blog - Ping floods at multiple sites InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Ping floods at multiple sites

Published: 2006-12-17
Last Updated: 2006-12-17 19:26:12 UTC
by William Stearns (Version: 1)
0 comment(s)
    We're seeing reports of ongoing ping floods at multiple sites.  They appear to be getting low tens of thousands of echo requests (60 byte packets, no payload) per minute.
    If you're seeing a similar packet flow, please let us know.  In particular, we'd like to get a sense of how many source IP's appear to be generating the traffic and a packet capture of a few of the packets.

Update: The original poster has reported that the original reporting sites have seen traffic fall off.  At this point we don't have conclusions about what was happening, but at least it appears to have been a focused attack.  Thanks to the people who wrote in with data and suggestions for interpretation.

Keywords:
0 comment(s)
Diary Archives