Full Disclosure mailing list archives
Re: Really ODD 12 byte UDP attempts
From: James Lay <jlay () slave-tothe-box net>
Date: Mon, 29 Aug 2005 07:46:12 -0600
On Sun, 28 Aug 2005 23:44:25 -0400 Michael Hale <michael.hale () gmail com> wrote:
I agree - Unix style traceroute probably responsible. See: http://www.tech-faq.com/unix-windows-traceroute.shtml On 8/28/05, Blue Boar <BlueBoar () thievco com> wrote:James Lay wrote:Aug 28 06:57:01 kernel: New,invalid SRC=64.94.45.26 DST=24.116.255.102 LEN=32 PROTO=UDP SPT=11050 DPT=33440 LEN=12Most likely someone is just tracerouting to your IP. Grab the actual packets, and check the TTLs to be sure. BB _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Ya...this is what it was alright....every swinging one has a TTL of 1 or 2. Nice to know that there are so many out there tracerouting me :D Thanks for the quick and easy answer. James _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Really ODD 12 byte UDP attempts James Lay (Aug 28)
- Re: Really ODD 12 byte UDP attempts Blue Boar (Aug 28)
- Re: Really ODD 12 byte UDP attempts Michael Hale (Aug 28)
- Re: Really ODD 12 byte UDP attempts James Lay (Aug 29)
- Re: Really ODD 12 byte UDP attempts Michael Hale (Aug 28)
- Re: Really ODD 12 byte UDP attempts Blue Boar (Aug 28)