Further to this, most (if not all) of the pinging machines are listening on port 707, and 1025 (as well as 139 often). Perhaps a new bug for the week? Cheers, Tim. On Tue, Aug 19, 2003 at 01:08:59AM +1200, Perry Lorier wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Is everyone else seeing ICMP echo request packets sent to random IP's from what appear to be insecure windows machines? The pings seem to be appearing every few minutes, and don't seem to be isolated to any particular ISP, or even anywhere in particular in the world, which is easily confirmed by ssh'ing to machines in the US and EU and doing tcpdump and seeing exactly the same traffic.
The pings look like:
00:53:59.511049 61.85.33.233 > xx.xx.xx.xx: icmp: echo request (ttl 114, id 32026, len 92) 0x0000 4500 005c 7d1a 0000 7201 028e 3d55 21e9 E..\}...r...=U!. 0x0010 xxxx xxxx 0800 fba0 0400 a309 aaaa aaaa .m.M............ 0x0020 aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa ................ 0x0030 aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa ................ 0x0040 aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa ................ 0x0050 aaaa aaaa aaaa aaaa aaaa aaaa ............
-- Tim Thomson