scheduled pings
Matt Gostick
matt at crazylogic.net
Thu May 6 17:39:47 PDT 2004
Hello,
I have just setup some ipfw rules to checkout some traffic to one of my
boxes. I have three servers, only one of which has weird traffic. It
is getting ping'd on a five minute interval from approx 3 to 8 different
ip addresses within the same second. For example:
May 3 20:20:03 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 202.160.241.130
xxx.xxx.xxx.xxx in via dc0
May 3 20:20:13 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 202.160.241.130
xxx.xxx.xxx.xxx in via dc0
May 3 20:25:03 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 64.35.7.130
xxx.xxx.xxx.xxx in via dc0
May 3 20:25:03 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 212.162.1.194
xxx.xxx.xxx.xxx in via dc0
May 3 20:25:03 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 216.74.133.194
xxx.xxx.xxx.xxx in via dc0
May 3 20:25:03 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 63.218.7.130
xxx.xxx.xxx.xxx in via dc0
May 3 20:25:03 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 166.90.213.130
xxx.xxx.xxx.xxx in via dc0
May 3 20:25:04 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 205.158.108.194
xxx.xxx.xxx.xxx in via dc0
May 3 20:25:13 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 64.35.7.130
xxx.xxx.xxx.xxx in via dc0
May 3 20:25:13 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 212.162.1.194
xxx.xxx.xxx.xxx in via dc0
May 3 20:25:13 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 216.74.133.194
xxx.xxx.xxx.xxx in via dc0
May 3 20:25:13 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 63.218.7.130
xxx.xxx.xxx.xxx in via dc0
May 3 20:25:13 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 166.90.213.130
xxx.xxx.xxx.xxx in via dc0
May 3 20:25:14 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 205.158.108.194
xxx.xxx.xxx.xxx in via dc0
I've just started denying pings to the box...
What is this?
Matt Gostick <matt at crazylogic.net>
More information about the freebsd-security
mailing list