Re: Strange pings from 127.0.0.1

From: Murad Talukdar (talukdar_m_at_subway.com)
Date: 06/18/04

    Date: Fri, 18 Jun 2004 09:43:07 +1000
    To: Tim Schwimer <tschwimer@hotmail.com>, security-basics@securityfocus.com
    
    

    I've been getting this on my router logs saying that the tcp got dropped.
     Source:127.0.0.1, 80, WAN - Destination:210.80.144.150, 1912, LAN -
    'Suspicious TCP Data'

    Did you work out what it was with the pings? Not sure if it's similar or
    not.

    Murad Talukdar

    ----- Original Message -----
    From: "Tim Schwimer" <tschwimer@hotmail.com>
    To: <security-basics@securityfocus.com>
    Sent: Sunday, June 13, 2004 5:24 PM
    Subject: Re: Strange pings from 127.0.0.1

    > I started seeing the same thing on my DMZ segments this Friday afternoon
    > at about 4:00pm (figures, huh??). Anyway, I was wondering what you found out
    > about this. Any insight would be appreciated.
    > Thanks,
    > T
    > >From: "Marc" <gg@stober.mailsnare.net>
    > >To: <security-basics@securityfocus.com>
    > >Subject: Strange pings from 127.0.0.1
    > >Date: Thu, 13 May 2004 23:55:35 -0400
    > >
    > >The networked applications I am responsible for have been performing slowly.
    > >When I tried to run Ethereal on my computer, I found some odd ICMP echo
    > >request (ping) packets with a source IP of 127.0.0.1, to addresses both
    > >within our 192.168.1.* network as well as to random Internet addresses. The
    > >source and destination MAC addresses aren't anything I can associate with a
    > >computer on our network (and they're not the real MAC address of my
    > >computer), so I think maybe these packets are spoofed? Could this be some
    > >sort of virus or DOS attack somewhere within our network? I haven't seen
    > >anything quite like this mentioned online anywhere.
    > >
    > >Thanks, Marc
    ---------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
    any course! All of our class sizes are guaranteed to be 10 students or less 
    to facilitate one-on-one interaction with one of our expert instructors. 
    Attend a course taught by an expert instructor with years of in-the-field 
    pen testing experience in our state of the art hacking lab. Master the skills 
    of an Ethical Hacker to better assess the security of your organization. 
    Visit us at: 
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ----------------------------------------------------------------------------
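
The drop entry quoted at the top of this message has a source in 127.0.0.0/8 arriving on the WAN side; loopback addresses are never routed, so such a source cannot be genuine. As an added example (not part of the original thread), this Python script parses lines in that layout and tallies loopback-sourced entries per destination. Only the first sample line is from the post; the other lines and all function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Layout of the router entry quoted in the message:
#   Source:<ip>, <port>, <zone> - Destination:<ip>, <port>, <zone> - '<reason>'
LOG_RE = re.compile(
    r"Source:\s*(?P<src>[\d.]+),\s*(?P<sport>\d+),\s*(?P<szone>\w+)\s*-\s*"
    r"Destination:\s*(?P<dst>[\d.]+),\s*(?P<dport>\d+),\s*(?P<dzone>\w+)\s*-\s*"
    r"'(?P<reason>[^']*)'"
)

# Only the first line is taken from the post; the others are constructed.
SAMPLE = [
    "Source:127.0.0.1, 80, WAN - Destination:210.80.144.150, 1912, LAN - 'Suspicious TCP Data'",
    "Source:127.0.0.1, 80, WAN - Destination:210.80.144.150, 1913, LAN - 'Suspicious TCP Data'",
    "Source:198.51.100.7, 443, WAN - Destination:210.80.144.150, 2001, LAN - 'Suspicious TCP Data'",
    "Source:127.0.01, 80, WAN - Destination:210.80.144.150, 1914, LAN - 'Suspicious TCP Data'",
    "WAN link up",
]

def parse_line(line):
    """Return the entry's fields as a dict, or None if it is not a valid entry."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    try:
        rec["src"] = ipaddress.IPv4Address(rec["src"])
        rec["dst"] = ipaddress.IPv4Address(rec["dst"])
    except ipaddress.AddressValueError:
        return None  # malformed address such as "127.0.01"
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def loopback_sourced(lines):
    """Parsed entries whose source address is in 127.0.0.0/8."""
    recs = (parse_line(l) for l in lines)
    return [r for r in recs if r and r["src"].is_loopback]

def tally(lines):
    """Count loopback-sourced entries per (destination host, source port)."""
    return Counter((str(r["dst"]), r["sport"]) for r in loopback_sourced(lines))

if __name__ == "__main__":
    for (dst, sport), n in tally(SAMPLE).most_common():
        print(f"{n} entries from 127.0.0.0/8 port {sport} to {dst}")
```

Grouping by destination and source port shows which internal host the forged traffic is aimed at and whether it shares one source port, as the entry in the post does with port 80.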
    
