Security Incidents mailing list archives
Re: Idiotic question
From: hdm () SECUREAUSTIN COM (H D Moore)
Date: Tue, 29 Feb 2000 17:09:45 -0600
Hi, This just means you got hit with an icmp packet that too big to pass through your gateway but it had the 'Dont Fragment' flag set. Probably a DoS or MTU discovery tool. -HD Joe User wrote:
Howdy! As I was watching the logs tonight, I wound up with this entry in there: Feb 25 21:23:35 localhost icmplog[246]: 139.175.17.1: fragmentation needed (IP_DF set) Feb 25 21:23:37 localhost icmplog[246]: 139.175.17.1: fragmentation needed (IP_DF set) It seems vaguely familiar, but I sure can't recall what it is. It reminds me of some of the older Jolt attempts, but I can't remember for the life of me. Any help would be appreciated. Thanks! Atralakh Information Archives: ftp://atralakh.darktech.org Atralakh Haven: telnet://atralakh.darktech.org:2300 About Atralakh: gopher://atralakh.darktech.org My home page: http://home.centurytel.net/kronovohr/ E-mail: kronovohr<at>centurytel<dot>net push ax,dx xor dx,dx pop ax push computer,out_window db 09 FF F8 F7 2E 0H SH 1T !!
Current thread:
- Re: Idiotic question H D Moore (Feb 29)
- <Possible follow-ups>
- Re: Idiotic question Greg A. Woods (Feb 29)
- Re: Idiotic question Greg A. Woods (Mar 02)
- Re: Idiotic question Simple Nomad (Mar 03)