Full Disclosure mailing list archives
Re: RE: Increased TCP 139 Activity
From: Andrew Simmons <andrews () mis-cds com>
Date: Fri, 10 Oct 2003 16:59:41 +0100
Choe.Sung Cont. PACAF CSS/SCHP wrote:
Ron Dufresne wrote:If this is indeed the case, the ping sweep will all be packets of 92 byte, these are windows packets, and the recent rcpdcom sploits are the culprit.ICMP packets 92-bytes in size (72 bytes + 20 bytes for header) are usually due to a welchia infected host trying to propagate. It is not a rpcdcom exploit.
I believe Windows `tracert' program uses 92 byte ICMP packets. \a
V/r, Sung J. Choe PACAF CSS/SCHP, PACAF NOSC Information Assurance Analyst DSN: 315-449-4317, Comm: 808-449-4317
The information contained in this message or any of its attachments may be privileged and confidential and intended for the exclusive use of the intended recipient. If you are not the intended recipient any disclosure, reproduction, distribution or other dissemination or use of this communications is strictly prohibited. The views expressed in this e-mail are those of the individual and not necessarily of MIS Corporate Defence Solutions Ltd. Any prices quoted are only valid if followed up by a formal written quote. If you have received this transmission in error, please contact our Security Manager on 44 (0) 1622 723410. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Increased TCP 139 Activity Phathat (Oct 08)
- <Possible follow-ups>
- RE: Increased TCP 139 Activity Williams Jon (Oct 08)
- RE: Increased TCP 139 Activity Brown, Rodrick (Oct 08)
- RE: Increased TCP 139 Activity Ron DuFresne (Oct 08)
- Re: Increased TCP 139 Activity Valdis . Kletnieks (Oct 09)
- RE: Increased TCP 139 Activity Marc (Oct 09)
- RE: Increased TCP 139 Activity Choe.Sung Cont. PACAF CSS/SCHP (Oct 10)
- Re: RE: Increased TCP 139 Activity Andrew Simmons (Oct 10)