Re: ICMP, normal traffic?



johnnypoll <jpollard@xxxxxxxxxxxxxxxx> wrote:
I had not replies to my earlier WAN Overload? email. Sadly our ISP has
simply said that our hardware would not be adversly affected by
broadcast traffic. Here is output from our firewall showing many ICMP
logs, is it normal to receive so many all within a second?

No, it's not normal to receive that many echo-requests. It may be
someone trying to DoS your uplink. The source IP looks like it's
dynamically assigned to dialup-users or something. The owner of the
netblock is Easynet [1], so you may want to contact them about this
matter.

However, since you said in your previous post that not only your inbound
but also your outbound traffic is unusually high, you may first want to
find out what's going on on your own network. Try inspecting the traffic
with a protocol analyzer (e.g. Wireshark [2]).

[1] http://www.easynet.net/
[2] http://www.wireshark.org/

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
.



Relevant Pages

  • Re: Is FreeBSD ready for desktop (Mozilla Flash)
    ... >> Microsofts hardware detection and FreeBSD's hardware detection has more to ... > printers, etc. where FBSD fails to do so? ... A logs in and gets /dev/dsp. ... and snd_* and try loading them until your sound card works. ...
    (comp.unix.bsd.freebsd.misc)
  • Re: windows start failure after power surge
    ... reformat and I had talked to our IT guy at work. ... offered last know good config and safe mode. ... I will try the step by step hardware troubleshoot. ... > recorded in the logs. ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Hardware diagnostics
    ... I have a Debian Etch installation that's beoming increasingly ... It periodically freezes up, with nothing in the logs until ... Can anybody recommend a good hardware diagnostic or "burn-in" program? ...
    (Debian-User)
  • Re: kitty.avast.com scanning my ports and internal process trying to access their ip
    ... A port scan often indicates ... >>The ICMP you see is most likely an ICMP port unreachable or host ... attempting to get out to avast, rather there might be some packets ... I've seen nothing in my firewall logs to indicate ...
    (comp.security.firewalls)
  • Re: [SLE] Unclean shutdown SuSE 9.2
    ... How long has this system been in service with the present configuration? ... What hardware? ... Anything interesting in the logs? ... The root partition is always 'dirty' on startup. ...
    (SuSE)