Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Really ODD 12 byte UDP attempts

From: James Lay <jlay () slave-tothe-box net>
Date: Mon, 29 Aug 2005 07:46:12 -0600
On Sun, 28 Aug 2005 23:44:25 -0400
Michael Hale <michael.hale () gmail com> wrote:


I agree - Unix style traceroute probably responsible. See:

http://www.tech-faq.com/unix-windows-traceroute.shtml 

On 8/28/05, Blue Boar <BlueBoar () thievco com> wrote:

James Lay wrote:

Aug 28 06:57:01 kernel: New,invalid SRC=64.94.45.26
DST=24.116.255.102 LEN=32 PROTO=UDP SPT=11050 DPT=33440 LEN=12


Most likely someone is just tracerouting to your IP.  Grab the
actual packets, and check the TTLs to be sure.

                                        BB
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



Ya...this is what it was alright....every swinging one has a TTL of 1
or 2.  Nice to know that there are so many out there tracerouting
me :D  Thanks for the quick and easy answer.

James
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: