ICMP DOS Router log entries

Started by GrahamB, Mar 19, 2007, 09:44:42


GrahamB

Over the last few days I have seen an increasing incidence of Router Log entries as below:

Sun, 2007-03-18 11:06:03 - ICMP Packet - Source:89.202.173.22 Destination:212.69.62.36 - [DOS]
Sun, 2007-03-18 11:06:03 - ICMP Packet - Source:216.218.219.35 Destination:212.69.62.36 - [DOS]
Sun, 2007-03-18 11:06:03 - ICMP Packet - Source:84.233.236.242 Destination:212.69.62.36 - [DOS]
Sun, 2007-03-18 11:06:03 - ICMP Packet - Source:209.8.108.26 Destination:212.69.62.36 - [DOS]
Sun, 2007-03-18 11:06:03 - ICMP Packet - Source:66.207.165.195 Destination:212.69.62.36 - [DOS]
Sun, 2007-03-18 11:06:03 - ICMP Packet - Source:38.96.245.236 Destination:212.69.62.36 - [DOS]
Sun, 2007-03-18 11:06:03 - ICMP Packet - Source:66.207.165.195 Destination:212.69.62.36 - [DOS]
Sun, 2007-03-18 11:06:03 - ICMP Packet - Source:38.96.245.236 Destination:212.69.62.36 - [DOS]
Sun, 2007-03-18 11:06:03 - ICMP Packet - Source:66.207.165.195 Destination:212.69.62.36 - [DOS]
Sun, 2007-03-18 11:06:04 - ICMP Packet - Source:212.23.57.21 Destination:212.69.62.36 - [DOS]
Sun, 2007-03-18 11:06:04 - ICMP Packet - Source:66.77.65.71 Destination:212.69.62.36 - [DOS]
Sun, 2007-03-18 11:06:04 - ICMP Packet - Source:63.216.14.130 Destination:212.69.62.36 - [DOS]
Sun, 2007-03-18 11:06:04 - ICMP Packet - Source:89.202.137.196 Destination:212.69.62.36 - [DOS]
Sun, 2007-03-18 11:06:04 - ICMP Packet - Source:216.218.219.35 Destination:212.69.62.36 - [DOS]

The volume of entries is increasing quite significantly. Is this something I should be worried about? I don't ever remember seeing these entries before. I am running a Netgear DG834 Router with latest firmware etc.

Regards

Graham

Rik

It's just the router firewall telling you it's done its job, don't worry about it. :)
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

GrahamB

OK thanks :) - I understand the firewall is working. I am just curious as to what ICMP packets are and what is going on - is it some sort of DOS attack or something? As this has just started to happen over the last few days.

Just wanting to understand a little more about the curious cyberspace world we live in :)

Thanks

Graham

Lance

ICMP is something to do with pinging an IP address. For example, if someone pings my router, because I have it set to allow ICMP packets it replies. However, if I had the option turned off, it would play dead.

My bet is that it is some script kiddy somewhere running a program which pings a range of addresses to see which ones are active.
Lance
_____

This post reflects my own views, opinions and experience, not those of IDNet.

Rik

I agree with you, Lance, I'm sure it's a script kiddy looking for an active machine to play with - it's why I have pings off in my router.

From Wiki:

"The Internet Control Message Protocol (ICMP) is one of the core protocols of the Internet protocol suite. It is chiefly used by networked computers' operating systems to send error messages—indicating, for instance, that a requested service is not available or that a host or router could not be reached.

ICMP differs in purpose from TCP and UDP in that it is usually not used directly by user network applications. One exception is the ping tool, which sends ICMP Echo Request messages (and receives Echo Response messages) to determine whether a host is reachable and how long packets take to get to and from that host."

Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

GrahamB

Many thanks for all your info - I now understand a little bit more.

I do have pings off in my router. After a couple of days of these entries they stopped. Obviously these 'script kiddies' (conjures up all sorts of imagery) get bored and move on.

Thanks again

Graham

Rik

Hi Graham

If your router doesn't respond to the pings, it looks like there is nothing on that IP address. After a while, they do just move on. I get much less attention here than I did previously with a dynamic IP, which probably indicates that my IP doesn't go places where people notice it. :)

You might like to try this online scan to check your machine is tightly locked down.

Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.
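
Added example, not part of the original thread: a small Python script that summarises router log entries in the layout quoted in the first post, so you can see how many distinct sources there are, which ones repeat, and the peak number of entries per second. The sample log is constructed using documentation addresses, and the function names are this example's own.

```python
import re
from collections import Counter
from datetime import datetime

# Line layout copied from the log excerpt in the first post.
LINE_RE = re.compile(
    r"^\w{3}, (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) - "
    r"(?P<proto>\S+) Packet - Source:(?P<src>\S+) "
    r"Destination:(?P<dst>\S+) - \[DOS\]\s*$"
)

# Constructed sample (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOG = """\
Sun, 2007-03-18 11:06:03 - ICMP Packet - Source:192.0.2.10 Destination:203.0.113.5 - [DOS]
Sun, 2007-03-18 11:06:03 - ICMP Packet - Source:198.51.100.7 Destination:203.0.113.5 - [DOS]
Sun, 2007-03-18 11:06:03 - ICMP Packet - Source:192.0.2.10 Destination:203.0.113.5 - [DOS]
Sun, 2007-03-18 11:06:03 - ICMP Packet - Source:198.51.100.44 Destination:203.0.113.5 - [DOS]
Sun, 2007-03-18 11:06:04 - ICMP Packet - Source:192.0.2.10 Destination:203.0.113.5 - [DOS]
Sun, 2007-03-18 11:06:04 - ICMP Packet - Source:192.0.2.99 Destination:203.0.113.5 - [DOS]
Sun, 2007-03-18 11:06:05 - some other log entry (constructed, ignored by the parser)
"""

def parse(lines):
    """Yield (timestamp, proto, src, dst) for each [DOS] entry; skip other lines."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield (datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                   m["proto"], m["src"], m["dst"])

def summarise(lines):
    """Count entries, sources and per-second volume for the [DOS] lines."""
    entries = list(parse(lines))
    by_src = Counter(e[2] for e in entries)
    by_sec = Counter(e[0] for e in entries)
    return {
        "entries": len(entries),
        "protocols": sorted({e[1] for e in entries}),
        "distinct_sources": len(by_src),
        "repeat_sources": {s: n for s, n in by_src.items() if n > 1},
        "destinations": sorted({e[3] for e in entries}),
        "peak_per_second": max(by_sec.values(), default=0),
    }

if __name__ == "__main__":
    for key, value in summarise(SAMPLE_LOG.splitlines()).items():
        print(f"{key}: {value}")
```

Running the same summary on a saved copy of the log from different days shows whether the volume is really growing or has tailed off.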