You could always filter the ICMP ECHO type 8 on the firewall which basically will just not respond to these requests. Might be nicer to capture the packets and inspect them to see if anything else is going on..
Z Edward Ziots CISSP, Security +, Network + Security Engineer Lifespan Organization [email protected] From: Richard McClary [mailto:[email protected]] Sent: Friday, June 01, 2012 2:59 PM To: NT System Admin Issues Subject: Ping attack attempts Greetings! Second time this has happened (that I know of, anyway) to us... Every 10 minutes (for the past 2 hours), some * sends about 2 dozen ping attempts to our firewall. Obviously scripted, and probably spoofed IPs as well. (Firewall is set to block external ICMP traffic.) In ARIN, the IP addresses are assigned to an on-line video service (OVGuide.com). That IP is part of the Internap system. Again, though, the IPs are likely spoofed. Other than turning off the alarms so that such attempts are no longer reported (which would reduce mail traffic), is this just something to live with? -- Richard D. McClary Jr Infrastructure Architect, Information Technology Group ASPCA(r) 1717 S. Philo Rd, Ste 36 Urbana, IL 61802 [email protected] P: 217-337-9761 C: 217-417-1182 F: 217-337-9761 www.aspca.org <http://www.aspca.org/> The information contained in this e-mail, and any attachments hereto, is from The American Society for the Prevention of Cruelty to Animals(r) (ASPCA(r)) and is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying or use of the contents of this e-mail, and any attachments hereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify me by reply email and permanently delete the original and any copy of this e-mail and any printout thereof. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
