Security Basics mailing list archives
strange ICMP REPLY
From: "zmaster zhang" <zmaster_zhang () operamail com>
Date: Fri, 16 Jan 2004 10:36:11 +0800
Hi all!

There is something strange on my computer. My OS is WinXP, using ADSL to connect to the Internet. Whenever it is connected to the Internet, XP sends an ICMP ECHO REPLY packet to the same IP every minute, and no ECHO REQUEST is received. The data in the first two ICMP packets is different from the others, but they have something in common. "ZHANGHONGH" is my computer name and the other part looks like a MAC.

What is it? A back door? Or something caused by the ADSL modem?

Sorry for my poor English!

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
01/15-21:32:44.278561 0:10:B2:4C:77:A1 -> 0:E0:FC:17:B:6 type:0x8864 len:0x68
61.149.65.136 -> 61.131.96.53 ICMP TTL:128 TOS:0x0 ID:358 IpLen:20 DgmLen:82
Type:0 Code:0 ID:0 Seq:0 ECHO REPLY
00 00 FE FF 30 33 3A 30 35 3A 30 36 3A 31 33 3A  ....03:05:06:13:
30 30 3A 34 37 09 5A 48 41 4E 47 48 4F 4E 47 48  00:47.ZHANGHONGH
41 49 09 57 68 69 73 74 6C 65 72 09 31 2E 30 09  AI.Whistler.1.0.
41 31 30 30 30 09                                A1000.
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
01/15-21:33:44.284832 0:10:B2:4C:77:A1 -> 0:E0:FC:17:B:6 type:0x8864 len:0x68
61.149.65.136 -> 61.131.96.53 ICMP TTL:128 TOS:0x0 ID:362 IpLen:20 DgmLen:82
Type:0 Code:0 ID:0 Seq:0 ECHO REPLY
00 00 FE FF 30 33 3A 30 35 3A 30 36 3A 31 33 3A  ....03:05:06:13:
30 30 3A 34 37 09 5A 48 41 4E 47 48 4F 4E 47 48  00:47.ZHANGHONGH
41 49 09 57 68 69 73 74 6C 65 72 09 31 2E 30 09  AI.Whistler.1.0.
41 31 30 30 30 09                                A1000.
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
01/15-21:34:44.291123 0:10:B2:4C:77:A1 -> 0:E0:FC:17:B:6 type:0x8864 len:0x48
61.149.65.136 -> 61.131.96.53 ICMP TTL:128 TOS:0x0 ID:373 IpLen:20 DgmLen:50
Type:0 Code:0 ID:0 Seq:0 ECHO REPLY
00 00 FE FF 30 33 3A 30 35 3A 30 36 3A 31 33 3A  ....03:05:06:13:
30 30 3A 34 37 09                                00:47.
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
01/15-21:35:44.297269 0:10:B2:4C:77:A1 -> 0:E0:FC:17:B:6 type:0x8864 len:0x48
61.149.65.136 -> 61.131.96.53 ICMP TTL:128 TOS:0x0 ID:400 IpLen:20 DgmLen:50
Type:0 Code:0 ID:0 Seq:0 ECHO REPLY
00 00 FE FF 30 33 3A 30 35 3A 30 36 3A 31 33 3A  ....03:05:06:13:
30 30 3A 34 37 09                                00:47.
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
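Added example, not part of the original post: a Python sketch that decodes the payloads from the dumps above into their tab-separated fields, flags echo replies with no preceding echo request, and measures the send interval. The 4-byte header length, the function names and the simplified request/reply matching (by address pair only, ignoring ICMP ID/Seq) are assumptions made for illustration.

```python
from datetime import datetime

# Payload bytes copied from the first and third Snort dumps in the post.
LONG = bytes.fromhex("0000FEFF30333A30353A30363A31333A30303A3437095A48414E47484F4E4748"
                     "41490957686973746C657209312E3009413130303009")
SHORT = bytes.fromhex("0000FEFF30333A30353A30363A31333A30303A343709")
SRC, DST = "61.149.65.136", "61.131.96.53"
# (time, src, dst, ICMP type, payload) for the four packets shown in the post.
EVENTS = [("21:32:44.278561", SRC, DST, 0, LONG), ("21:33:44.284832", SRC, DST, 0, LONG),
          ("21:34:44.291123", SRC, DST, 0, SHORT), ("21:35:44.297269", SRC, DST, 0, SHORT)]


def decode_payload(payload, header_len=4):
    """Split a payload into an opaque header and tab-separated ASCII fields.

    header_len=4 is an assumption based on the non-printable bytes 00 00 FE FF.
    """
    header, body = payload[:header_len], payload[header_len:]
    fields = [f.decode("ascii", "replace") for f in body.split(b"\t") if f]
    return header, fields


def unsolicited_replies(events):
    """Return echo replies (type 0) with no earlier echo request (type 8) from the peer.

    Matching is by address pair only; a production check would also compare ID/Seq.
    """
    asked = set()  # (requester, responder) pairs seen in echo requests
    hits = []
    for ts, src, dst, icmp_type, payload in events:
        if icmp_type == 8:
            asked.add((src, dst))
        elif icmp_type == 0 and (dst, src) not in asked:
            hits.append((ts, src, dst, payload))
    return hits


def intervals_seconds(replies):
    """Seconds between consecutive replies; a near-constant value points to a timer."""
    times = [datetime.strptime(ts, "%H:%M:%S.%f") for ts, *_ in replies]
    return [round((b - a).total_seconds(), 3) for a, b in zip(times, times[1:])]


if __name__ == "__main__":
    hits = unsolicited_replies(EVENTS)
    for ts, src, dst, payload in hits:
        header, fields = decode_payload(payload)
        print(ts, src, "->", dst, header.hex(), fields)
    print("intervals (s):", intervals_seconds(hits))
```

The decoded payload length also agrees with the dump: 20 bytes of IP header, 8 bytes of ICMP header and 54 or 22 bytes of data give the DgmLen values 82 and 50.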