Bugtraq mailing list archives
Re: ICMP nukes?
From: ccdes () ccdes princeton nj us (Carl Corey)
Date: Thu, 28 Apr 1994 09:36:40 -0500
% I believe that a majority of the packets "nuking" connections out there are % not perfect fakes; they are distinguishable from the real thing. And how do you spot that which makes them distinguishable from the real thing?
Not sure, i've never done anything on the topic. I believe that the widely-distributed nuke.c program's packets (hope I don't over-simplify this) are FROM the "nuker", but say that the HOST is unreach. So basically I believe that newer versions of Cisco software check to see if the ICMP UNREACH is on the same subnet as the host which is unreachable. Something like that; I was in a detailed discussion about it a few months ago but that's all I remember, and that might be a little off. cc
Current thread:
- Re: ICMP nukes? Carl Corey (Apr 28)
- <Possible follow-ups>
- Re: ICMP nukes? Carl Corey (Apr 28)
- Re: ICMP nukes? Oliver Friedrichs (Apr 28)
- ICMP unreachables MICHAEL R. WIDNER (Apr 28)