Ask the Expert

Getting pinged 100+ times a day by packets with no source address

Sir, recently we have been bombarded with pings with the return address of 0000. Luckily our Zone Alarm has caught all (we hope)of these pings. Would you have any idea how, or where these could be coming from -- or, more importantly, how to stop this? No one we have spoken to has heard of this one. Sometimes we get 100 of these in one day. Thank you in advance.

    Requires Free Membership to View

I used Zone Alarm until about a year ago, but unfortunately I don't remember enough about it to interpret the messages it's giving you. I can't think of any reasonable explanation for ICMP/PING packets not to have a source address.

I wish I knew what type of network you're connected to. Routers shouldn't forward packets without a source address, so there's a good chance that it's coming from your local area network. If it is coming from your LAN, you can inspect the MAC address of the frame to determine which network card is generating it (assuming that, too, hasn't been blocked). If you don't have a list of the MAC addresses of systems on your LAN, you can check a given system by running "IPCONFIG -all" from a command prompt and looking for the Physical Address. That will work for most versions of Windows.

I have to wonder why you want to stop it? 100 datagrams per day certainly doesn't constitute a denial-of-service attack, and ICMP datagrams aren't generally used for more sophisticated attacks.


This was first published in May 2002

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: