Threat Level: green Handler on Duty: Yee Ching Tok

SANS ISC: Ping floods at multiple sites - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Ping floods at multiple sites
    We're seeing reports of ongoing ping floods at multiple sites.  They appear to be getting low tens of thousands of echo requests (60 byte packets, no payload) per minute.
    If you're seeing a similar packet flow, please let us know.  In particular, we'd like to get a sense of how many source IP's appear to be generating the traffic and a packet capture of a few of the packets.

Update: The original poster has reported that the original reporting sites have seen traffic fall off.  At this point we don't have conclusions about what was happening, but at least it appears to have been a focused attack.  Thanks to the people who wrote in with data and suggestions for interpretation.

William

80 Posts
Dec 17th 2006

Sign Up for Free or Log In to start participating in the conversation!