[NTLUG:Discuss] ICMP virus was: ICMP connection request to port 2048

Tom Tumelty tumelty4 at yahoo.com
Thu Aug 21 20:43:16 CDT 2003


I use Agnitum outpost firewall and this is a sample of
what I have been seeing in my firewall log the last
few days. I apologize for the poor format:

Date/Time              Attack Type         IP Address       Scan Port Details
8/21/2003 8:36:02 PM   Connection request  65.148.176.236   ICMP(2048)
8/21/2003 8:35:57 PM   Connection request  65.148.107.250   ICMP(2048)
8/21/2003 8:35:39 PM   Connection request  65.150.137.9     ICMP(2048)
8/21/2003 8:35:32 PM   Connection request  65.150.249.254   ICMP(2048)
8/21/2003 8:35:16 PM   Connection request  65.150.84.158    ICMP(2048)
8/21/2003 8:35:08 PM   Connection request  65.150.138.212   ICMP(2048)
8/21/2003 8:34:52 PM   Connection request  65.150.168.255   ICMP(2048)
8/21/2003 8:34:51 PM   Connection request  65.148.109.104   ICMP(2048)
8/21/2003 8:34:48 PM   Connection request  65.148.118.6     ICMP(2048)
8/21/2003 8:34:39 PM   Connection request  65.147.77.181    ICMP(2048)
8/21/2003 8:34:01 PM   Port scanned        68.75.27.16      TCP(445)
8/21/2003 8:34:01 PM   Connection request  68.75.27.16      TCP(445)
8/21/2003 8:33:50 PM   Connection request  65.146.235.162   ICMP(2048)
8/21/2003 8:33:31 PM   Connection request  65.147.94.253    ICMP(2048)
8/21/2003 8:33:17 PM   Connection request  65.148.174.118   ICMP(2048)
8/21/2003 8:33:03 PM   Connection request  65.148.90.184    ICMP(2048)
8/21/2003 8:32:58 PM   Connection request  64.136.21.233    TCP(1387)
8/21/2003 8:32:58 PM   Connection request  65.148.186.140   ICMP(2048)
8/21/2003 8:32:49 PM   Connection request  65.148.118.65    ICMP(2048)
8/21/2003 8:32:44 PM   Connection request  65.148.34.24     ICMP(2048)
8/21/2003 8:32:34 PM   Connection request  65.148.230.231   ICMP(2048)
8/21/2003 8:32:16 PM   Connection request  65.148.172.130   ICMP(2048)
8/21/2003 4:38:04 PM   Connection request  65.148.86.70     ICMP(2048)
8/21/2003 4:37:46 PM   Connection request  203.228.199.106  ICMP(2048)
8/21/2003 4:37:28 PM   Connection request  67.33.150.41     ICMP(2048)
8/21/2003 4:37:18 PM   Connection request  4.72.0.22        ICMP(2048)
8/21/2003 4:36:51 PM   Connection request  65.148.135.199   ICMP(2048)
8/21/2003 4:36:51 PM   Connection request  138.89.36.108    ICMP(2048)
8/21/2003 4:36:28 PM   Port scanned        62.189.244.228   TCP(28752) TCP(9799)



--- Paul Ingendorf <pauldy at wantek.net> wrote:
> This would not be entirely unheard of but I haven't seen one.  There used to
> be a vulnerability on many dialup users where sending an echo or ping packet
> with ATH0+++ would cause the remote user's modem to hang up.
> 
> -----Original Message-----
> From: discuss-bounces at ntlug.org [mailto:discuss-bounces at ntlug.org] On Behalf Of Vaidya, Harshal (Cognizant)
> Sent: Wednesday, August 20, 2003 12:56 AM
> To: NTLUG Discussion List
> Subject: RE: [NTLUG:Discuss] ICMP connection request to port 2048
> 
> 
> I am wondering whether any Virus could propagate through ICMP! This
> seems nearly impossible.
> Never heard of anything like that before.
> 
> Harshal.
> 
> -----Original Message-----
> From: Tom Tumelty [mailto:tumelty4 at yahoo.com]
> Sent: Wednesday, August 20, 2003 10:39 AM
> To: discuss at ntlug.org
> Subject: [NTLUG:Discuss] ICMP connection request to port 2048
> 
> 
> Does anybody know of a virus that would request ICMP
> connection to port 2048. The last 2 days I have many
> attempts to connect to this port from many different
> addresses. I am running XP.
> 
> Thanks,
> Tom


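A triage sketch for a log like the one in this post, added here and not part of the original message or of the firewall product: it parses one-entry-per-line records (fields separated by tabs or spaces) and counts distinct senders of ICMP echo requests per /16. It assumes, without confirmation from the thread, that the number in `ICMP(2048)` is the ICMP type and code packed into 16 bits (0x0800, i.e. type 8, code 0); the sample rows, addresses and function names are constructed.

```python
import ipaddress
import re

# Constructed sample in the layout of the log above, one entry per line.
# Addresses are private/documentation ranges, not taken from the post.
SAMPLE = """\
8/21/2003 8:36:02 PM\tConnection request\t10.148.176.236\tICMP(2048)
8/21/2003 8:35:57 PM\tConnection request\t10.148.107.250\tICMP(2048)
8/21/2003 8:35:39 PM\tConnection request\t10.150.137.9\tICMP(2048)
8/21/2003 8:34:51 PM\tConnection request\t10.148.109.104\tICMP(2048)
8/21/2003 8:34:01 PM\tPort scanned\t192.0.2.16\tTCP(445)
8/21/2003 4:36:28 PM\tPort scanned\t192.0.2.228\tTCP(28752) TCP(9799)
"""

ENTRY = re.compile(
    r"^(?P<when>\S+ \S+ [AP]M)\s+(?P<event>.+?)\s+"
    r"(?P<src>\d+(?:\.\d+){3})\s+(?P<ports>.+)$"
)
PORT = re.compile(r"(ICMP|TCP|UDP)\((\d+)\)")

def decode(proto, num):
    """Split an ICMP number into (type, code); leave TCP/UDP ports alone.
    Assumption: the firewall prints ICMP as (type << 8) | code."""
    if proto == "ICMP":
        return ("ICMP", num >> 8, num & 0xFF)
    return (proto, num, None)

def parse(text):
    """Return one (src, event, proto, a, b) row per protocol item logged."""
    rows = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, blank or malformed line
        for proto, num in PORT.findall(m["ports"]):
            rows.append((m["src"], m["event"], *decode(proto, int(num))))
    return rows

def echo_sources_by_prefix(rows, min_sources=3):
    """Count distinct senders of ICMP echo requests (type 8, code 0) per /16
    and keep prefixes with at least min_sources of them."""
    hosts = {}
    for src, _event, proto, a, b in rows:
        if (proto, a, b) == ("ICMP", 8, 0):
            net = str(ipaddress.ip_network(f"{src}/16", strict=False))
            hosts.setdefault(net, set()).add(src)
    return {n: len(h) for n, h in hosts.items() if len(h) >= min_sources}

if __name__ == "__main__":
    print(echo_sources_by_prefix(parse(SAMPLE)))
```

Many distinct hosts in the same /16 sending single echo requests within minutes is the pattern worth escalating; one-off probes from unrelated prefixes fall below the threshold.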