Random people pinging your computer...

**petehall347** · 03-02-2020, 03:05 PM

Re: Random people pinging your computer...

maybe your IP address is very similar to a major one and mistakes are being made .like getting lots of phone calls from random people .
if you run something like etherape you could see where its coming from

**Topcat** · 03-02-2020, 03:15 PM

Re: Random people pinging your computer...

If there's a domain name pointing at it, thats why all the pings.

**Curious.George** · 03-02-2020, 04:31 PM

Re: Random people pinging your computer...

Originally posted by eccerr0r

I do have a website but it's not for general use. Definitely not doing any e-commerce, and at most it's just general computer information if it has any value at all.

A "random person" (your words) wouldn't know WHAT your computer may/may not have on it.

Just curious of what people think of these and why one would send these to a random not so useful machine...

EVERY machine has value -- and some have potentially MORE value than others! Maybe you've left "precious" information on the machine that could be of value to a "random person".

(For now I'm ignoring all other internet sourced oddities like privilege escalation and resource commandeering. If you wish to comment about these, sure, just make sure you're saying what kind of packet. I'm more curious about ping packets which as far as I know has no value to other people, they could just HTTP my machine to know it's up!)

Because ICMP is "supposed" to be recognized by all machines; there's no guarantee that a "random machine" (i.e., yours) will respond to an HTTP request to 80. So, if you know nothing about a "random machine", the best place to start is with a ping.

Note that you can glean a lot from how a machine responds to various different probes -- including identifying the OS that's running on it!

Your IP address "leaks" with each online action you take. Visit BCN and your IP address is captured by its web server. Send mail and your originating IP is captured by any machine that sees your to/fro messages. Every router that handles your packets knows about you. etc.

Even hiding behind single/double NAT doesn't hide the fact that you "exist".

**eccerr0r** · 03-02-2020, 05:15 PM

Re: Random people pinging your computer...

Originally posted by Topcat

If there's a domain name pointing at it, thats why all the pings.

But what's the value of such to others? Heck why would someone be pinging my machine if my domain name happens to be a typo of another popular site - they should be HTTPing it not pinging it.

And why would they keep doing so, especially after I stopped responding to all pings? Now if they want to know if my machine is up, all they need to do is HTTP my machine but they don't. Do they think they can stealth detect if my machine is up by sending pings?

I can see that they can hold value if they commandeer my machine via ssh or whatnot, but not ping. If they want to fingerprint my machine, hell I clearly write what OS I use on my HTTP site!

**Topcat** · 03-02-2020, 06:44 PM

Re: Random people pinging your computer...

If it's a lot of off-shore pinging (usually Russia, China, India), they're typically looking for weak servers to take control of for various exploits. For example, back in the day, the main thing they looked for were weak email servers for spamming purposes....if they could find a weak server that they could SMTP from, all of a sudden it would start sending 100's of thousands of emails a day...usually until someone reported it to the ISP and the ISP killed the IP...

When I say 'weak server', a server with weak passwords that brute force attacks could hash out....or port exploits to server services that should normally be closed....such as SSH on port 22 with a weak root password....you can imagine what that could lead to.

**eccerr0r** · 03-02-2020, 06:58 PM

Re: Random people pinging your computer...

Again, this is disjoint from SSH. If they want to ssh, they should go ahead and ssh - the ssh SYNACK will automatically tell if my machine is up or not.

So... why ping specifically?

**Topcat** · 03-02-2020, 07:51 PM

Re: Random people pinging your computer...

Originally posted by eccerr0r

Again, this is disjoint from SSH. If they want to ssh, they should go ahead and ssh - the ssh SYNACK will automatically tell if my machine is up or not.

So... why ping specifically?

probably to see if anyone is home before they try to pick the lock.

**eccerr0r** · 03-02-2020, 09:08 PM

Re: Random people pinging your computer...

Well, I set my machine to stop responding to the pings, but still get the ssh attempts. Would seem somewhat redundant to ping the machine since one can tell the machine is up/someone home by getting the SYNACK anyway, and one would need to get the SYNACK in order to even think about picking the lock.

If they don't get the SYNACK there's no point in picking the lock because there is no lock to be picked!

**stj** · 03-03-2020, 05:49 AM

Re: Random people pinging your computer...

there are a lot of search engines out there.
some regular, some specialised - looking for IOT or cameras, some government.
they will try to index your site regularly.

**eccerr0r** · 03-03-2020, 10:07 AM

Re: Random people pinging your computer...

searching for... random hosts that respond? If they're searching for webservers, they should connect HTTP to my machine. But ping, other than maybe fingerprinting, what are they trying to get, a list of machines? Again, a single SYNACK will tell both the machine is up and whether a service is listening.

Maybe they think it's impossible to log pings, or perhaps they assume that people don't log pings?

So far I found like 3 machines sending me a ping every 10 minutes. There are maybe 20 machines sending me a ping every 40-50 minutes. And there are more that I haven't quite figured out their frequency.

**tester272001** · 10-05-2020, 08:16 PM

Re: Random people pinging your computer...

in general PING is the easiest way for hackers to see if an IP address is ALIVE. Once it it it can be logged and saved for later exploitation. Heck the list might even get sold on the dark web. it would save other hackers from having to do the legwork of what is alive out there! Then there are lgeitimate crawlers that do the same thing. Look for IP and then test for HTTP or other protocols.

**eccerr0r** · 10-05-2020, 09:29 PM

Re: Random people pinging your computer...

Again what value is it especially when people filter ICMP, and a SYNACK response is more useful (since it tells the machine is up AND there's a possibly exploitable service responding)?

However I have found there are people pinging for fun just to tell what portion of the 32-bit address space is actually responding to ICMP PING just to do some pretty graphs of what's up and what's not up...

Random people pinging your computer...

Random people pinging your computer...

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Related Topics