Sir, recently we have been bombarded with pings with the return address of 0000. Luckily our Zone Alarm has caught all (we hope)of these pings. Would you have any idea how, or where these could be coming from -- or, more importantly, how to stop this? No one we have spoken to has heard of this one. Sometimes we get 100 of these in one day. Thank you in advance.
I wish I knew what type of network you're connected to. Routers shouldn't forward packets without a source address, so there's a good chance that it's coming from your local area network. If it is coming from your LAN, you can inspect the MAC address of the frame to determine which network card is generating it (assuming that, too, hasn't been blocked). If you don't have a list of the MAC addresses of systems on your LAN, you can check a given system by running "IPCONFIG -all" from a command prompt and looking for the Physical Address. That will work for most versions of Windows.
I have to wonder why you want to stop it? 100 datagrams per day certainly doesn't constitute a denial-of-service attack, and ICMP datagrams aren't generally used for more sophisticated attacks.
This was first published in May 2002