Snort mailing list archives
Re: A new type of ICMP packet
From: Matt Scarborough <vexversa () usa net>
Date: 29 May 2001 04:21:30 EDT
On Mon, 28 May 2001 22:55:48 -0600, Phil Wood wrote:
On Mon, May 28, 2001 at 09:12:32PM -0400, Matt Scarborough wrote:On Fri, 25 May 2001 10:11:30 -0600, Phil Wood wrote:Eight unknown ICMP's left my establishment last night at 1 second
intervals.
ICMP payload 3f3f 3f3f with TTL 10 indicate Napster. But ICMP code and
type
0254 do not. Then again, if that is ICMP Id 666 (029a) other things may be afoot. Could you post tcpdump -X so nothing may be lost in the conversion?It's the MNOPQRST seqeuence! %^)
OK. Close though. FWIW anyhow http://archives.neohapsis.com/archives/incidents/2001-02/0329.html
19:43:27.524954 10.0.7.54 > 209.12.75.204: icmp 12 type-#2 (DF) 45000020 be1d4000 5e01ba0b 0a000736 d10c4bcc : E @ ^ 6 K : 024d0020 029a0001 3f3f3f3f 00000000 00000000 : M ???? : 00000000 0000 : : 19:43:28.684491 10.0.7.54 > 209.12.75.204: icmp 12 type-#2 (DF) 45000020 be1d4000 5201c60b 0a000736 d10c4bcc : E @ R 6 K : 024e0020 029a0001 3f3f3f3f 00000000 00000000 : N ???? : 00000000 0000
____________________________________________________________________ Get free email and a permanent address at http://www.amexmail.com/?A=1 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- A new type of ICMP packet Phil Wood (May 25)
- Re: A new type of ICMP packet Ofir Arkin (May 25)
- <Possible follow-ups>
- Re:A new type of ICMP packet Matt Scarborough (May 28)
- Re: Re:A new type of ICMP packet Phil Wood (May 28)
- Re: Re:A new type of ICMP packet Chris Green (May 29)
- Re: A new type of ICMP packet Matt Scarborough (May 29)