Here is the official Digital Isle party line. The part that I like is "3) Respond to this message requesting we stop pinging your server. In this event our pinging will cease in several days."

Several days? I'm wondering if I can send a bill to Digital Isle for beta testing their product on my time and bandwidth without even asking me.

Regards,
Christopher

---------- Original Message ----------------------------------
From: Sean Gleason <sgleason@digisle.net>
Date: Fri, 26 Oct 2001 01:02:21 +0000 (GMT)

Chris,

We apologize for any inconvenience caused by pings (ICMP_ECHO packets) coming from our machines. Your server was being pinged as part of our real-time "network weather" mapping system called Best Distributor Selection. BDS is an essential part of Footprint, Digital Island's intelligent network service offering. It is used to optimize performance when your customers access the web resources of our customers.

Many large web publishers, such as AOL, CNBC and Blue Mountain, use our Footprint service to speed up the delivery of their web content. Our system intelligently matches browsers to the servers on our Footprint network that will provide the best performance. The dynamic nature of routing and congestion on the Internet makes it necessary for us to constantly update our maps.

Our network was pinging your system because it appeared to be a name server with a sufficient number of resolution requests for our customer web sites to be placed on the list of network nodes to be constantly observed for Internet congestion. By pinging your name server, we can provide better quality of service to your users when they access the web sites of our expanding customer list. We hope you will consider granting us permission to continue pinging a name server in your domain.

Sandpiper Networks merged with Digital Island in December 1999, which is why some of the machines pinging you were in digisle.net.

At this point you can:

1) Do nothing. Please accept our apologies and be assured that your machines are not being pinged by a hostile party.

2) Tell us if there is an alternate name server in your IP address space that you would like us to ping. We will direct future ping traffic to it.

3) Respond to this message requesting we stop pinging your server. In this event our pinging will cease in several days.

Regards,
Sean Gleason
Digital Island, Inc.

On Thu, 25 Oct 2001, Christopher J. Wolff wrote:
Hello, thank you for your response. Here are the source addresses.

-----Original Message-----
From: Sean Gleason [mailto:sgleason@digisle.net]
Sent: Thursday, October 25, 2001 4:44 PM
To: Christopher J. Wolff
Cc: noc-team@digisle.net
Subject: Re: FW: Getting hacked by Digital Isle?
Could you provide me an IP address so we can investigate further.
Sean Gleason ---- Digital Island
On Thu, 25 Oct 2001, Christopher J. Wolff wrote:
I just received a log from my IDS claiming the following attack is taking place from your network. If this is true what are you doing and why are you ICMP flooding my primary name server?
Log entry:
mailto:abuse@digisle.com for questions This ICMP ECHO REQUEST/REPLY is part of the real-time network monitoring performed by Digital Island Inc. It is not an attack. If you have questions please contact
abuse@digisle.com
Regards,
Christopher J. Wolff, VP, CIO
Broadband Laboratories, Inc.
http://www.bblabs.com
email:chris@bblabs.com
phone:520.622.4338 x234