Wednesday, October 25, 2000
The first day on the night shift and I walk into a fire storm. The entire network is doing the yo-yo fandango.
Nice.
The only job more potentially boring than the one I have is the security guard that sits in the same office as I do, watching the camera monitors.
I mean, it's somewhat interesting to watch the monitors from time to time, but for hours on end? Without a computer?
I'm under a weird network attack. I'm seeing the following:
    S:00C07B4D7D81 D:00806981001F IPv4 S:163.153.172.6 D:208.26.72.31 ICMP echo request 1038
    S:00806981001F D:00C07B4D7D81 IPv4 S:163.153.172.6 D:208.26.72.31 ICMP echo request 1038
    S:00C07B4D7D81 D:00806981001F IPv4 S:163.153.172.6 D:208.26.72.31 ICMP echo request 1038
    S:00806981001F D:00C07B4D7D81 IPv4 S:163.153.172.6 D:208.26.72.31 ICMP echo request 1038
    S:00C07B4D7D81 D:00806981001F IPv4 S:163.153.172.6 D:208.26.72.31 ICMP echo request 1038
    S:00806981001F D:00C07B4D7D81 IPv4 S:163.153.172.6 D:208.26.72.31 ICMP echo request 1038
    S:00C07B4D7D81 D:00806981001F IPv4 S:163.153.172.6 D:208.26.72.31 ICMP echo request 1038
    S:00806981001F D:00C07B4D7D81 IPv4 S:163.153.172.6 D:208.26.72.31 ICMP echo request 1038
    S:00C07B4D7D81 D:00806981001F IPv4 S:163.153.172.6 D:208.26.72.31 ICMP echo request 1038
    S:00806981001F D:00C07B4D7D81 IPv4 S:163.153.172.6 D:208.26.72.31 ICMP echo request 1038
Ad nauseam. 00:C0:7B:4D:7D:81 is the ISDN unit, and 00:80:69:81:00:1F is the terminal server I have, which Mark used to dial into, until he got IDSL.
I turned the terminal server off, and I'm still seeing echo requests from 163.153.172.6 coming in, every three seconds or so. There's nothing in the packets (just zeros) which is odd.
I can't traceroute to 163.153.172.6 so it's probably forged source packets.
The destination IP address is interesting—it was Mark's broadcast address, which leads me to think this is a so-called smurf attack.
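
A detector for capture lines in the format shown above, added here as an example and not part of the original post: it counts ICMP echo requests aimed at a subnet's broadcast address, and counts consecutive frames that carry the same IP flow with the two MAC addresses swapped. The /27 prefix for Mark's subnet, the sample excerpt and the function names are assumptions; the post only says 208.26.72.31 was his broadcast address.

```python
import ipaddress
import re
from collections import Counter

# Constructed four-line excerpt in the capture format above (values from the post).
SAMPLE = """\
S:00C07B4D7D81 D:00806981001F IPv4 S:163.153.172.6 D:208.26.72.31 ICMP echo request 1038
S:00806981001F D:00C07B4D7D81 IPv4 S:163.153.172.6 D:208.26.72.31 ICMP echo request 1038
S:00C07B4D7D81 D:00806981001F IPv4 S:163.153.172.6 D:208.26.72.31 ICMP echo request 1038
S:00806981001F D:00C07B4D7D81 IPv4 S:163.153.172.6 D:208.26.72.31 ICMP echo request 1038
"""

LINE = re.compile(
    r"S:(?P<smac>[0-9A-F]{12}) D:(?P<dmac>[0-9A-F]{12}) IPv4 "
    r"S:(?P<sip>\S+) D:(?P<dip>\S+) ICMP (?P<kind>echo request|echo reply) (?P<len>\d+)"
)

def parse(text):
    """Yield one dict per line that matches the capture format; skip the rest."""
    for line in text.splitlines():
        m = LINE.fullmatch(line.strip())
        if m:
            yield m.groupdict()

def analyze(text, subnet):
    """Return (broadcast_pings, bounces) for a capture.

    broadcast_pings: Counter of source IPs that sent echo requests to the
                     subnet's broadcast address (what a smurf attack sends).
    bounces: count of frames that repeat the previous frame's IP flow with
             source and destination MAC swapped.
    """
    net = ipaddress.ip_network(subnet)  # assumed prefix; the post does not give it
    broadcast_pings, bounces, prev = Counter(), 0, None
    for f in parse(text):
        if f["kind"] == "echo request" and ipaddress.ip_address(f["dip"]) == net.broadcast_address:
            broadcast_pings[f["sip"]] += 1
        flow = (f["sip"], f["dip"], f["len"])
        if prev and prev[0] == flow and prev[1] == (f["dmac"], f["smac"]):
            bounces += 1
        prev = (flow, (f["smac"], f["dmac"]))
    return broadcast_pings, bounces

if __name__ == "__main__":
    pings, bounces = analyze(SAMPLE, "208.26.72.0/27")
    print(pings.most_common(), "bounced frames:", bounces)
```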