Security Incidents mailing list archives
ICMP reply, but no stimulus
From: Robert Buckley <rbuckley () synapsemail com>
Date: Fri, 19 Dec 2003 11:40:57 -0500
Anyone ever see this payload before? There is a windows 2k system that is replying to its two Wins servers and two DNS servers with echo replies, but no icmp request has been sent to it. 11:39:09.494312 IP 10.n.n.n > 10.n.n.n: icmp 44: echo reply seq 11106 0x0000 4500 0040 058e 0000 8001 97f4 0ab0 c4c8 E..@............ 0x0010 0ab0 c312 0000 631d 001d 2b62 150f 0800 ......c...+b.... 0x0020 4545 4545 4545 4545 4545 4545 4545 4545 EEEEEEEEEEEEEEEE 0x0030 4545 4545 4545 4545 4545 4545 4545 4545 EEEEEEEEEEEEEEEE
Robert Buckley Security Administration ******************************************************************** The information in this transmission is privileged and confidential and is intended only for the recipient(s) listed above. If you have received this transmission in error, please notify the sender immediately by E-mail and delete the original message. ********************************************************************
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- ICMP reply, but no stimulus Robert Buckley (Dec 19)