
Increase in ICMP “Echo Requests” with decreasing TTL

Over the last week, I have seen an increase in ICMP Echo requests from Iran to my two Honeynets (on different networks here in Norway). What is special about this is that they ping every host on the network, with a TTL starting between 85 and 231 and decreasing to 0. Then it seems that they keep on pinging the hosts on the networks that they found, about once every second day after that, but from new hosts in the same network.

My guess is that it's a mapping of the network of some kind, but for what, we will have to wait and see 🙂

The IPs involved that I see are from the nets 81.31.186.0/24 and 81.31.183.0/24, which are both in the net 81.31.160.0/19, which seems to belong to:

inetnum: 81.31.160.0 – 81.31.191.255
org: ORG-SUOT1-RIPE
netname: IR-SHARIF-20020603
descr: Sharif University Of Technology
descr: PROVIDER LOCAL REGISTRY
country: IR
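
One way to flag the pattern described above in honeynet logs, as an added example that is not part of the original post: it groups echo requests by source /24 (so probes from new hosts in the same network are counted together) and reports networks that show a decreasing-TTL run against several targets. The record layout, the thresholds `min_run` and `min_targets`, and the sample addresses (documentation ranges) are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: (epoch seconds, source IP, destination IP, observed TTL).
# Addresses are RFC 5737 documentation ranges, not the ones from the post.
def make_sample():
    events, t = [], 0
    for host in range(1, 6):                  # sweep of five honeynet hosts
        for ttl in range(90, 80, -1):         # TTL counts down with each probe
            events.append((t, "198.51.100.7", f"192.0.2.{host}", ttl))
            t += 1
    for host in range(1, 6):                  # ordinary pings with a stable TTL
        for _ in range(10):
            events.append((t, "203.0.113.9", f"192.0.2.{host}", 54))
            t += 1
    return events

def decreasing_run(ttls):
    """Length of the longest run of strictly decreasing TTL values."""
    best = run = 1 if ttls else 0
    for prev, cur in zip(ttls, ttls[1:]):
        run = run + 1 if cur < prev else 1
        best = max(best, run)
    return best

def find_ttl_sweeps(events, min_run=5, min_targets=3, prefix=24):
    """Return {source network: set of targets} for source networks whose echo
    requests show a decreasing-TTL run against at least min_targets hosts."""
    per_pair = defaultdict(list)
    for _, src, dst, ttl in sorted(events):   # time order
        net = ipaddress.ip_network(f"{src}/{prefix}", strict=False)
        per_pair[(net, dst)].append(ttl)
    hits = defaultdict(set)
    for (net, dst), ttls in per_pair.items():
        if decreasing_run(ttls) >= min_run:
            hits[str(net)].add(dst)
    return {n: d for n, d in hits.items() if len(d) >= min_targets}

if __name__ == "__main__":
    for net, targets in find_ttl_sweeps(make_sample()).items():
        print(net, "swept", len(targets), "hosts with decreasing TTL")
```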
