Re: Strange pings from 127.0.0.1

From: Tim Schwimer (tschwimer_at_hotmail.com)
Date: 06/13/04

    Date: 13 Jun 2004 07:24:05 -0000
    To: security-basics@securityfocus.com
    In-Reply-To: <GAEPLEDFDDGJLBGAABCNKENBCMAA.gg@stober.mailsnare.net>

    I started seeing the same thing on my DMZ segments this Friday afternoon at about 4:00pm (figures, huh??). Anyway, I was wondering what you found out about this. Any insight would be appreciated.
    Thanks,
    T
    >From: "Marc" <gg@stober.mailsnare.net>
    >To: <security-basics@securityfocus.com>
    >Subject: Strange pings from 127.0.0.1
    >Date: Thu, 13 May 2004 23:55:35 -0400
    >Message-ID: <GAEPLEDFDDGJLBGAABCNKENBCMAA.gg@stober.mailsnare.net>
    >
    >
    >The networked applications I am responsible for have been performing slowly.
    >When I tried to run Ethereal on my computer, I found some odd ICMP echo
    >request (ping) packets with a source IP of 127.0.0.1, to addresses both
    >within our 192.168.1.* network as well as to random Internet addresses. The
    >source and destination MAC addresses aren't anything I can associate with a
    >computer on our network (and they're not the real MAC address of my
    >computer), so I think maybe these packets are spoofed? Could this be some
    >sort of virus or DoS attack somewhere within our network? I haven't seen
    >anything quite like this mentioned online anywhere.
    >
    >Thanks, Marc
    >
    >