[geeks] Ping of Death

Thomas Gallaway rescue at port11.net
Thu Feb 5 10:02:02 CST 2004


Well, things happen. First of all, get yourself a copy of Ethereal and
hang it onto your local LAN. See if you see any weird traffic going on.
Then hang the Ethereal box onto your external interface, but don't
assign it an IP. You can still sniff traffic and see what kind of
packets come out of your Linksys router going into your cable network.
This probably is your best bet to see if any of your local machines is
behaving wrong.

When I first started working here this was really helpful, as the ISP
called complaining that one IP here is spamming like hell. Turns out our
CEO opened one of "those" emails and turned his box into a lean mean
spamming machine. Ethereal and tcpdump were my allies there.

-- Thomas

Michael Schiller wrote:

> Hi All.
>
> I've got a quick question that I hope somebody can give me some
> pointers on. I got an email today saying that my machine is attacking a
> router with the ping-of-death. I'm running Sol9 on 2 machines, OSX
> 10.3.2 on 2 machines, and XP on my PC, and was wondering first off if
> this guy is telling me the truth, that my IP is in fact attacking his,
> and secondly if so, which of my machines should I check first? Oh, all
> these machines are behind a linksys cable router. Below is a part of
> his message:
>
>
>
> I am an IT professional.  Recently, one of the routers I maintain
> started logging ping of death attacks from your IP address. Below is a
> sample of the log.
>
>
> Feb/05/2004 01:47:40
>
> Ping of Death Detect src:68.118.97.30:58898 dst:224.0.0.251:32644
> Packet Dropped
>
> Feb/05/2004 01:43:24
>
> Ping of Death Detect src:68.118.97.30:58898 dst:224.0.0.251:32644
> Packet Dropped
>
> Feb/05/2004 01:41:16
>
> Ping of Death Detect src:68.118.97.30:58898 dst:224.0.0.251:32644
> Packet Dropped
>
> Feb/05/2004 01:40:13
>
> Ping of Death Detect src:68.118.97.30:58898 dst:224.0.0.251:32644
> Packet Dropped
>
> Feb/05/2004 01:39:40
>
>
> Any help with this would be appreciated, as I really haven't kept up
> with this stuff, and at the moment I'm too tired to start tearing into
> all my machines without knowing which one to look at first, and what to
> look for. Thanks!
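
An added example, not part of either message: a small Python triage of the router log quoted above, which pairs each alert with its timestamp, classifies the destination address, and builds a pcap filter expression to use with the Ethereal/tcpdump capture suggested in the reply. The function names are hypothetical; the log text is copied from the quoted message.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Log excerpt copied from the quoted message (timestamp line, then alert line).
SAMPLE_LOG = """\
Feb/05/2004 01:47:40
Ping of Death Detect src:68.118.97.30:58898 dst:224.0.0.251:32644
Packet Dropped
Feb/05/2004 01:43:24
Ping of Death Detect src:68.118.97.30:58898 dst:224.0.0.251:32644
Packet Dropped
Feb/05/2004 01:41:16
Ping of Death Detect src:68.118.97.30:58898 dst:224.0.0.251:32644
Packet Dropped
Feb/05/2004 01:40:13
Ping of Death Detect src:68.118.97.30:58898 dst:224.0.0.251:32644
Packet Dropped
Feb/05/2004 01:39:40
"""

STAMP = re.compile(r"^[A-Z][a-z]{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}$")
ALERT = re.compile(r"^(?P<kind>.+?) Detect src:(?P<src>[\d.]+):(?P<sport>\d+) "
                   r"dst:(?P<dst>[\d.]+):(?P<dport>\d+)$")

def parse_alerts(text):
    """Pair each alert line with the timestamp line before it."""
    alerts, stamp = [], None
    for line in (raw.lstrip("> ").strip() for raw in text.splitlines()):
        if STAMP.match(line):
            stamp = datetime.strptime(line, "%b/%d/%Y %H:%M:%S")
        elif (m := ALERT.match(line)) and stamp is not None:
            alerts.append({"time": stamp, **m.groupdict()})
            stamp = None  # a timestamp with no alert after it is dropped
    return alerts

def dst_scope(addr):
    """Classify the destination so the report can be sanity-checked."""
    ip = ipaddress.ip_address(addr)
    if ip.is_multicast:
        return "multicast"
    return "private" if ip.is_private else "unicast"

def summarize(alerts):
    """Count alerts per (src, dst, scope) and build a pcap filter for the sniffer."""
    counts = Counter((a["src"], a["dst"], dst_scope(a["dst"])) for a in alerts)
    hosts = sorted({a["dst"] for a in alerts})
    return counts, " or ".join(f"dst host {h}" for h in hosts)
```

Calling `summarize(parse_alerts(SAMPLE_LOG))` returns the per-flow counts and a filter string that can be pasted into the capture on the external interface.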


