Security Incidents mailing list archives
Re: echo requests, 1480 bytes
From: 9d () COSMOSDIREKT DE (Fengor Wolfsclaw)
Date: Tue, 22 Feb 2000 15:42:40 +0100
Mixmaster schrieb:
Big echo packets like this going out of our network set off our IDS sniffer here. It turns out they were coming from Macintosh PC's, with one big echo request sent to a web server at the same time they opened an HTTP connection. The payload was always all 0's. We checked a couple of the Macs doing it and they had not been compromised, and the users weren't doing anything to cause it, so I'm guessing it's some kind of MTU discovery "feature" of MacOS.
wasn'T there a mail about something called "the mac attack" some time ago on bugtraq? iirc it was an ddos attack that used these echo packets to multiply their traffic. Daniel "Fengor" Brachmann
Current thread:
- Re: echo requests, 1480 bytes, (continued)
- Re: echo requests, 1480 bytes James Lohman (Feb 10)
- Re: echo requests, 1480 bytes Marc Slemko (Feb 15)
- Re: echo requests, 1480 bytes James Lohman (Feb 10)
- twinkie Vasiliy Kuznetsov (Feb 15)
- Re: twinkie Przemyslaw Frasunek (Feb 16)
- Re: twinkie Pavel Kankovsky (Feb 17)
- Re: echo requests, 1480 bytes Przemyslaw Frasunek (Feb 15)
- Re: echo requests, 1480 bytes Ron Gula (Feb 11)
- Re: echo requests, 1480 bytes Omachonu Ogali (Feb 15)
- Re: echo requests, 1480 bytes Donald McLachlan (Feb 16)
- Re: echo requests, 1480 bytes Mixmaster (Feb 19)
- Re: echo requests, 1480 bytes Fengor Wolfsclaw (Feb 22)