CAIDA Internet Outage Detection and Analysis (IODA) Probe Information
The Center for Applied Internet Data Analysis (CAIDA), an academic research group based at the San Diego Supercomputer Center (SDSC) at UC San Diego, developed an operational prototype system that monitors the Internet, in near-realtime, with the goal of identifying macroscopic Internet outages affecting the edge of the network, i.e., significantly impacting an AS or a large fraction of a country.As part of our detection and analysis of large-scale Internet infrastructure outages activities, CAIDA runs a number of periodic and ongoing probes. This page describes the probes sent out by our monitors.
Have you received an ICMP Echo Request ("ping") message from us?
We conduct routine ICMP echo measurements as part of our Internet Outage Detection and Analysis platform (IODA). The packets that you are receiving are part of an effort to identify large-scale Internet outages (i.e. significantly impacting an AS or a large fraction of a country). Specifically, we probe a large fraction of the (routable) IPv4 address space from several nodes distributed worldwide.
We assure you that this probing is not malicious. That said, we would be happy to blacklist an IP address or network block if you would prefer not to receive this traffic.
Sorry for any inconvenience we might have caused, and if you have any further questions, please don't hesitate to ask. We'd be more than happy to have a call with you if you would like.
Ping Of Death
We have found that certain firewalls (in consumer routers) mistakenly report our benign ICMP Echo Request packets as a "Ping Of Death".
The Ping Of Death attack originated in the mid-1990's and used large, fragmented packets to cause buffer overflows and crashes. While this vulnerability was serious at the time, it has long been patched, and no modern OS should be vulnerable.
Our ICMP Echo Request packets are not Ping Of Death packets. That is, they are not large or fragmented packets. Although we have not been able to confirm it, we suspect that certain firewall implementations are simply classifying any ICMP Echo Request packet as a Ping Of Death packet.
[DoS attack] ICMP Flood
We have also found that certain firewalls (in consumer routers) mistakenly report our benign ICMP Echo Request packets as "[DoS attack] ICMP Flood". This classification is incorrect. Any IP address we probe receives no more than 1 packet every 10 minutes from each of our 3 vantage points. That is a very negligible number of packets.