OK, it's done! I have tried: "tcpdump icmp > tcpdump_results2" and "tcpdump icmp > tcpdump_results3". The files are at: http://xenon4.fe.up.pt/tcpdump_results2 and http://xenon4.fe.up.pt/tcpdump_results3
Ranko Veselinovic <[EMAIL PROTECTED]> sent me privatly the followin e-mail which I think might be relevant for the issue in question: _______________________ I'm not sure but I think when you send an ICMP ECHO-Request to a broadcast address that the whole network will answer whit echo-replys. I think this is a kind of smurf-attack and the address where the replys where sent is the target of the attacker. You were just abuse for this attack. greets Ranko ________________________ Now I think I'm starting to understand what has been going on. In fact, there are several "echo request" to the adress 193.136.29.0 (my IP adress is 193.136.29.189). What I still don't understand is why windows machines don't reply to this atack and Unix machines do. Also, do you know how can I block this atack? Anyway, thank you for bringing some light into my mind. At least now I have an idea of what has been going on. Nuno Faria Michael Stone wrote: > > On Thu, Jul 27, 2000 at 08:56:21AM +0100, Nuno Faria wrote: > > Yes, I had already noticed that when I ping a machine, the packets show > > up in tcpdump as a series of echo-requests and echo-replys, but in this > > case I can't find the echo-requests. > > Try "tcpdump icmp". That will show you all icmp traffic. Look for echo > requests coming from the remote system, especially going to a broadcast > address. (Something like x.x.x.255) Let us know what you find. > > -- > Mike Stone
