Re: Question: excessive pinging by the same IP

From: David (davidwnh@adelphia.net)
Date: 11/23/02

Next message: David: "Re: Appliance advice needed (question)"
Previous message: David: "Re: Firewall and Home Network"
In reply to: NeoSadist: "Re: Question: excessive pinging by the same IP"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "David" <davidwnh@adelphia.net>
Date: Fri, 22 Nov 2002 23:39:20 GMT

If it is the same range of ports on a somewhat "regularly scheduled
interval" than it is usually a worm or an automated script. If your firewall
is blocking it there is no reason for concern. It is more a nuisance than
anything and if it continues you can find out the particular ISP using
something like samspade.org. Then make a quick visit to the ISP's website
and score the appropriate email address. A quick email to them (include log
excerpts with time and date incase the IP is DHCP assigned) may bring some
peace and possibly help out someone who doesn't know they are infected with
something. Or you may get lucky and put the fear of god into some script
kiddie :)

If you are on broadband and can spare enough cash for a router you might
find the peace and quiet it will afford you from such alerts quite
comforting.

> > I've been getting pinged by 'random' IP's now for a few months
> > to port 137, I have learned that that was caused by some worm
> > going around. However lately I have been getting pinged by one
> > particular IP (24.247.56.43) quite excessively for a few days
> > now. I've learned to live with the random pings from all the
> > various IP's, but this one particular IP keeps showing up over
> > and over again, in fact I have been on for 2 hours and I've been
> > pinged over 10 times by (24.247.56.43) to the usual 1025 thru 1029
> > etc. My ZA keeps blocking & logging the attacks...but I'm really
> > wondering if its anything to worry about?
> >
> > any thoughts appreciated, Thanks!

Next message: David: "Re: Appliance advice needed (question)"
Previous message: David: "Re: Firewall and Home Network"
In reply to: NeoSadist: "Re: Question: excessive pinging by the same IP"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: UDP Ports, closing Win2K Server (No IIS)
... What's listening on UDP 995? ... The worm spreads via email but some antivirus vendors report ... against using IPSec as a firewall, and blocking just one or two ports here ...
(microsoft.public.inetserver.iis.security)
Re: ICF and File Sharing
... Those ports are the critical ones and should not be opened without any valid reason. ... Windows XP Shell ... What You Should Know About the Sasser Worm and It Variants: ...
(microsoft.public.windowsxp.general)
RE: New script-kiddie looking scan
... but what i can see from your logfile it looks like its just a vulnerability scanner. ... But i dont think its a worm becuase worms often use use a specific vulnerability ... in succession from increasing source ports). ...
(Incidents)
Re: Comcast blocks Exchange - any way around this?
... I ran into problems sending e-mail, ... It was MSBlast & their FAQ said it was temporary. ... worm, Comcast has temporarily shut down access to ports 135 and 445. ...
(microsoft.public.windows.server.sbs)