Threat Level: green Handler on Duty: Lorna Hutcheson

SANS ISC: Ping floods at multiple sites - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Ping floods at multiple sites
    We're seeing reports of ongoing ping floods at multiple sites.  They appear to be getting low tens of thousands of echo requests (60 byte packets, no payload) per minute.
    If you're seeing a similar packet flow, please let us know.  In particular, we'd like to get a sense of how many source IP's appear to be generating the traffic and a packet capture of a few of the packets.

Update: The original poster has reported that the original reporting sites have seen traffic fall off.  At this point we don't have conclusions about what was happening, but at least it appears to have been a focused attack.  Thanks to the people who wrote in with data and suggestions for interpretation.

William

80 Posts

Sign Up for Free or Log In to start participating in the conversation!