Hi, I am curious what I should do about Ping of Death attacks that are being executed against my computer as I write this. I contacted my ISP a few days ago but haven't heard anything from them. Here's a sample from my firewall log:
Apr/27/2005 00:39:49
Drop TCP packet from WAN src:81.4.29.38:22102 dst:*.*.*.*:7426 Rule: Ping Of Death Block deny
Apr/27/2005 00:39:47
Drop TCP packet from WAN src:130.225.243.71:9026 dst:*.*.*.*:7426 Rule: Ping Of Death Block deny
Apr/27/2005 00:39:43
Drop TCP packet from WAN src:200.122.159.75:20218 dst:*.*.*.*:63256 Rule: Default deny
Apr/27/2005 00:39:43
Drop TCP packet from WAN src:81.4.29.38:22102 dst:*.*.*.*:7426 Rule: Ping Of Death Block deny
Apr/27/2005 00:39:41
Drop TCP packet from WAN src:130.225.243.71:9026 dst:*.*.*.*:7426 Rule: Ping Of Death Block deny
Apr/27/2005 00:39:40
Drop TCP packet from WAN src:81.4.29.38:22102 dst:*.*.*.*:7426 Rule: Ping Of Death Block deny
Apr/27/2005 00:39:38
Drop TCP packet from WAN src:130.225.243.71:9026 dst:*.*.*.*:7426 Rule: Ping Of Death Block deny
++Note: I have removed my IP address and replaced it with *.*.*.*
These are constant, averaging about 5 attacks per minute. Now my main worry is that my firewall is stopping this, but could it be missing other attacks? And is there any way to trace where this attack is coming from? (I realize that the original sender could be spoofing or doing the bounce style attack) I'm not an expert in security and really don't know a lot. But any information about this would be helpful.
-Dale
"There's no such thing as bad luck, just an absence of good luck.
Apr/27/2005 00:39:49
Drop TCP packet from WAN src:81.4.29.38:22102 dst:*.*.*.*:7426 Rule: Ping Of Death Block deny
Apr/27/2005 00:39:47
Drop TCP packet from WAN src:130.225.243.71:9026 dst:*.*.*.*:7426 Rule: Ping Of Death Block deny
Apr/27/2005 00:39:43
Drop TCP packet from WAN src:200.122.159.75:20218 dst:*.*.*.*:63256 Rule: Default deny
Apr/27/2005 00:39:43
Drop TCP packet from WAN src:81.4.29.38:22102 dst:*.*.*.*:7426 Rule: Ping Of Death Block deny
Apr/27/2005 00:39:41
Drop TCP packet from WAN src:130.225.243.71:9026 dst:*.*.*.*:7426 Rule: Ping Of Death Block deny
Apr/27/2005 00:39:40
Drop TCP packet from WAN src:81.4.29.38:22102 dst:*.*.*.*:7426 Rule: Ping Of Death Block deny
Apr/27/2005 00:39:38
Drop TCP packet from WAN src:130.225.243.71:9026 dst:*.*.*.*:7426 Rule: Ping Of Death Block deny
++Note: I have removed my IP address and replaced it with *.*.*.*
These are constant, averaging about 5 attacks per minute. Now my main worry is that my firewall is stopping this, but could it be missing other attacks? And is there any way to trace where this attack is coming from? (I realize that the original sender could be spoofing or doing the bounce style attack) I'm not an expert in security and really don't know a lot. But any information about this would be helpful.
-Dale
"There's no such thing as bad luck, just an absence of good luck.