dfuse Guru
Joined: 07 Apr 2003 Posts: 395 Location: Belgium
Posted: Tue Jan 06, 2004 8:39 am Post subject: what is ping of death? getting it a lot on my router

Hey,
this is not really a Gentoo question, but I wouldn't know where else to post it.
For the past few days I've been getting a lot of pings of death on my router:
Code:
Jan/06/2004 05:03:03 Ping of Death Detect 217.84.50.222:33249 81.89.99.194:29179 Packet Dropped
Jan/06/2004 04:02:37 Ping of Death Detect 217.84.50.222:33748 81.89.99.194:29179 Packet Dropped
Jan/06/2004 03:00:10 Ping of Death Detect 217.84.50.222:33492 81.89.99.194:29179 Packet Dropped
Jan/06/2004 01:54:46 Ping of Death Detect 217.84.50.222:33407 81.89.99.194:29179 Packet Dropped
Jan/06/2004 00:54:40 Ping of Death Detect 217.84.50.222:33658 81.89.99.194:29179 Packet Dropped
Jan/05/2004 23:53:41 Ping of Death Detect 217.84.50.222:33127 81.89.99.194:29179 Packet Dropped
Jan/05/2004 22:51:18 Ping of Death Detect 217.84.50.222:33089 81.89.99.194:29179 Packet Dropped
Jan/05/2004 21:50:34 Ping of Death Detect 217.84.50.222:33452 81.89.99.194:29179 Packet Dropped
Jan/05/2004 21:10:04 Ping of Death Detect 217.84.50.222:33182 81.89.99.194:29179 Packet Dropped
Jan/05/2004 20:49:51 Ping of Death Detect 217.84.50.222:32790 81.89.99.194:29179 Packet Dropped

I have a dynamic IP address and the pings of death keep coming even when my IP changes (but I do have a DNS name with no-ip.org, so I guess the person who's doing this targets my DNS name). The pings of death don't do anything harmful to me because my router drops them, but I'd still like to know what I can do about this. I googled for ping of death and I'm pretty sure it's a malicious attempt to bring my OS down.
dfuse Guru
Joined: 07 Apr 2003 Posts: 395 Location: Belgium
Posted: Tue Jan 06, 2004 8:49 am

I've looked up the IP address with www.network-tools and ended up at some German ISP. I've mailed the abuse address that was listed in the RIPE database; I hope this helps. Is it possible for a hacker to make the attack appear to originate from that IP while it actually comes from another?
fleed l33t
Joined: 28 Aug 2002 Posts: 756 Location: London
Posted: Tue Jan 06, 2004 9:28 am

It is indeed possible for them to spoof their IP address. And if they're only trying to bring your system down rather than gain access to it, then they'd most likely do so. I'm sorry, but I don't know anything about ping of death, so I can't help you. IIRC, though, it's something that's been handled safely by the kernel for a few years now. When I turned on logging in my iptables rules I saw that the great majority of the entries were for pings/ICMP (which I block anyway). I just added a rule to ignore those instead of logging them; otherwise it's difficult to trawl through masses of repetitive data.
dfuse Guru
Joined: 07 Apr 2003 Posts: 395 Location: Belgium
Posted: Tue Jan 06, 2004 9:41 am

Hm, I'm not worried about my Linuxes; I have a separate hardware router, which drops pings. What I'm worried about is whether the constant attacks generate traffic that slows down my connection (for which I'm paying in the end).
fleed l33t
Joined: 28 Aug 2002 Posts: 756 Location: London
Posted: Tue Jan 06, 2004 9:57 am

Then I think you're right to be worried, and there's not much you can do unless the ISP of the offender takes action.
On a side note, you can also find out details on the IP address with the whois command. It's in net-misc/whois.
dfuse Guru
Joined: 07 Apr 2003 Posts: 395 Location: Belgium
Posted: Tue Jan 06, 2004 9:59 am

I'm on a Windows machine at work right now. But I already looked up the IP with the whois tools on network-tools.com and contacted the abuse department of the ISP I found. No response yet, though.
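Added example, not part of any post in this thread: a Python script that parses the router log lines from the first post, groups them by event and address pair, and reports how many events there were and how far apart they arrive. The function names are hypothetical, and the number after each colon in the log is ignored because the thread does not say what the router means by it.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Router log lines copied from the first post (newest first, as the router lists them).
SAMPLE_LOG = """\
Jan/06/2004 05:03:03 Ping of Death Detect 217.84.50.222:33249 81.89.99.194:29179 Packet Dropped
Jan/06/2004 04:02:37 Ping of Death Detect 217.84.50.222:33748 81.89.99.194:29179 Packet Dropped
Jan/06/2004 03:00:10 Ping of Death Detect 217.84.50.222:33492 81.89.99.194:29179 Packet Dropped
Jan/06/2004 01:54:46 Ping of Death Detect 217.84.50.222:33407 81.89.99.194:29179 Packet Dropped
Jan/06/2004 00:54:40 Ping of Death Detect 217.84.50.222:33658 81.89.99.194:29179 Packet Dropped
Jan/05/2004 23:53:41 Ping of Death Detect 217.84.50.222:33127 81.89.99.194:29179 Packet Dropped
Jan/05/2004 22:51:18 Ping of Death Detect 217.84.50.222:33089 81.89.99.194:29179 Packet Dropped
Jan/05/2004 21:50:34 Ping of Death Detect 217.84.50.222:33452 81.89.99.194:29179 Packet Dropped
Jan/05/2004 21:10:04 Ping of Death Detect 217.84.50.222:33182 81.89.99.194:29179 Packet Dropped
Jan/05/2004 20:49:51 Ping of Death Detect 217.84.50.222:32790 81.89.99.194:29179 Packet Dropped
"""

# Assumed layout: timestamp, event name, source addr:number, destination addr:number, action.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}/\d\d/\d{4} [\d:]{8}) (?P<event>.+?) "
    r"(?P<src>[\d.]+):\d+ (?P<dst>[\d.]+):\d+ .+$")

def parse(log_text):
    """Yield (timestamp, event, src_ip, dst_ip) per matching line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.strptime(m["ts"], "%b/%d/%Y %H:%M:%S"), m["event"], m["src"], m["dst"]

def summarize(log_text):
    """Per (event, src_ip, dst_ip): event count, time span and median gap in seconds."""
    groups = defaultdict(list)
    for ts, event, src, dst in parse(log_text):
        groups[(event, src, dst)].append(ts)
    report = {}
    for key, stamps in groups.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        report[key] = {"count": len(stamps),
                       "span_s": (stamps[-1] - stamps[0]).total_seconds(),
                       "median_gap_s": median(gaps) if gaps else None}
    return report

if __name__ == "__main__":
    for (event, src, dst), stats in summarize(SAMPLE_LOG).items():
        print(event, src, "->", dst, stats)
```

On the ten lines from the post it reports a single source and destination pair, ten events over a little more than eight hours, and a median gap of about 61 minutes between detections.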