Anyone noticing unusually large amount of ICMP?

[bcastner]

Have seen several threads raising the question of why their lan logs are showing high amounts of ICMP traffic in the last few days.

Anyone else seeing this, and know the source? The sites appear to be Welchavia virus clean.

 

[WheeDoggy]

Yes.

There have been way too many ping attempts coming lately.

All seem to originate from 66.x.x.x which spans many sources.

 

[bcastner]

Mine seem to be IP spoofing attempts.
I know the orginal source of this odd stream was from Welchavia and other email worm IMAPI exploits.

I am clean on this site having the issue, but the traffic is incredible at times. I am denying all ICMP requests other than type 6 and 8 that is required by the SMTP mail server that I echo.

Not sure what to do about it. The traffic, all denied, can be incredibly heavy at times.

 

[jimbopalmer]

Just think how bad it would be if you were the University of Wisconson, 700,000 Netgear routers can ask them for the correct SNTP time every second, in a Firmware DDOS attack.

http://www.cs.wisc.edu/~plonka/netgear-sntp/

I encourage any users of Netgear platinum colored routers to upgrade!

I tried to remain child-like, all I acheived was childish.

 

[bcastner]

Thanks jim,

Something like a DOS is going on with odd amounts of traffic. If have yet to catch NTP traffic, but what a mess for any router to handle if this becomes more widespread.

It was the ICMP traffic last week that alerted me to some sort of DOS attack going on.

I can hardly wait for this coming week...

Something is definately going on as a deliberate DOS.