Koozali.org: home of the SME Server

Firewall Assaulted and SAG ?'s.

WIldkow

Firewall Assaulted and SAG ?'s.
« on: August 20, 2003, 09:20:49 PM »
For the past two days I have received over 500 Snort/ACID alerts for "ICMP PING CyberKit 2.2 Windows", almost all coming from different IPs but almost all in this range: 24.xxx.xxx.xxx. This is the same range of IPs for AT&T, which is my ISP. So I am assuming that someone is bouncing this ping off these IP addresses. Fact is I'm a bit of a n00b, so my question is: what should I do?

Guardian (not Dan's) is not blocking these, that I can see in the Guardian log. Is there a way to have these addresses or this type of PING blocked for 24+ hours automagically?

Another question: at a friend's site we have an ISDN/DSL router with a public IP address feeding into our e-smith/SME box over a private IP address, then out to the local LAN, with SAG as the IDS. Is there a way to monitor the public IP address from the e-smith/SME box, and if so, will ACID/Guardian work? I have done some research and I found info on "Sensors and var HOME_Net" for Snort but am still confused as to the implementation.

TIA

Wildkow

Steve Bush

Re: Firewall Assaulted and SAG ?'s.
« Reply #1 on: August 20, 2003, 10:41:24 PM »
We use Sprint and I'm getting the same thing from Sprint IPs.

WIldkow

Re: Firewall Assaulted and SAG ?'s.
« Reply #2 on: August 20, 2003, 11:29:14 PM »
I got this back from Sunflower.com, an ISP which I complained to about their customers. Boy, that was quick and personal; wish I had them instead of Comcast.


Brian
It's not a single person. We're an ISP (Sunflower) and there's a new virus out that is pinging multiple computers. It's the Nachi virus. Here's a link about it: http://www.sophos.com/virusinfo/analyses/w32nachia.html

We're addressing the issue and addressing customers as we identify them as being infected.  This is not an attack upon you per se, it's just viruses trying to spread.

dave

Re: Firewall Assaulted and SAG ?'s.
« Reply #3 on: August 21, 2003, 01:13:32 AM »
WIldkow,

This is impressive (the response). I've sent dozens of such complaints off to as many ISPs, and if I get anything back, it's an auto response (and that's rare). That this group actually hand-wrote a response to you is unheard of.

Nice to know there is at least one ISP interested in what's going on in their network.

Dave