Information, OpenSourceSoftware, Security

Increase in ICMP “Echo Requests” with decreasing TTL

The last week, I have seen an increase in ICMP Echo requests from Iran to my two Honeynets (on different networks here in Norway). Special about this, is that they ping every hosts on the network, with a TTL starting between 85 to 231 and decreasing to 0. Then it seems that they keep on pinging hosts on the networks that they found, about once each 2. day after that, but from new hosts, in the same network.

My guess is, that its a mapping of the network of some kind, but for what, we will have to wait and see 🙂

IP’s involved that I see are from the nets: and which are both in the net which seems to belong to:

inetnum: –
netname: IR-SHARIF-20020603
descr: Sharif University Of Technology
country: IR


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s