Have you received an ICMP Echo Request ("ping") message from us?

We conduct routine ICMP echo measurements as part of our Internet Outage Detection and Analysis platform (IODA). The packets that you are receiving are part of an effort to identify large-scale Internet outages (i.e. significantly impacting an AS or a large fraction of a country). Specifically, we probe a large fraction of the (routable) IPv4 address space from several nodes distributed worldwide (the probes you are seeing are coming from nodes hosted at SDSC) and use a methodology developed by the University of Southern California to infer when a /24 block is affected by a network outage.

We assure you that this probing is not malicious and we are not using the responses to identify specific devices. All the results are aggregated to a /24 granularity.

That said, we would be happy to blacklist an IP address or network block if you would prefer not to receive this traffic.

Sorry for any inconvenience we might have caused, and if you have any further questions, please don't hesitate to ask. We'd be more than happy to have a call with you if you would like.

Ping Of Death

We have found that certain firewalls (in consumer routers) mistakenly report our benign ICMP Echo Request packets as a "Ping Of Death".

The Ping Of Death attack originated in the mid-1990's and used large, fragmented packets to cause buffer overflows and crashes. While this vulnerability was serious at the time, it has long been patched, and no modern OS should be vulnerable.

Our ICMP Echo Request packets are not Ping Of Death packets. That is, they are not large or fragmented packets. Although we have not been able to confirm it, we suspect that certain firewall implementations are simply classifying any ICMP Echo Request packet as a Ping Of Death packet.