Security Incidents mailing list archives
Re: echo requests, 1480 bytes
From: oogali () INTRANOVA NET (Omachonu Ogali)
Date: Tue, 15 Feb 2000 06:40:35 -0500
On Fri, 11 Feb 2000, Ron Gula wrote:
Thomas, What catches my eye in your message is:Feb 3 06:24:30 oi iplog[20316]: ICMP: echo from ns-norva.navy.mil (1480bytes)Does anyone know what these folks are up to? I usually see an echo request from them, followed by an ICMP source quench. Very odd. DonWe have seen several sites monitored by the Dragon IDS pick up this packet. It is spooed as certain fields in the ICMP and IP headers never change. Someone probably compiled an ICMP spoofer and used a the length of their buffer as the length of their packet. I'd post a copy of the packet, but I don't have permission from the customer at the moment. It's a payload of all zeros after the ICMP header. Ron Gula, CTO. Network Security Wizards, Inc. http://www.securitywizards.com
Is it actually spoofed? Ping that address and you'll receive high latency and source quenches, then ping the broadcast address and you'll receive replies. I've contacted Sprint, but I haven't seen anything done nor been replied to. -- +-------------------------------------------------------------------------+ | Omachonu Ogali oogali () intranova net | | Intranova Networking Group http://tribune.intranova.net | | PGP Key ID: 0xBFE60839 | | PGP Fingerprint: C8 51 14 FD 2A 87 53 D1 E3 AA 12 12 01 93 BD 34 | +-------------------------------------------------------------------------+
Current thread:
- Ports 41508, 41524 & 41531, (continued)
- Ports 41508, 41524 & 41531 Aronius, Joakim (Feb 09)
- Re: Ports 41508, 41524 & 41531 Rick Ballard (Feb 10)
- Re: echo requests, 1480 bytes Brett Glass (Feb 09)
- Re: echo requests, 1480 bytes James Lohman (Feb 10)
- Re: echo requests, 1480 bytes Marc Slemko (Feb 15)
- Re: echo requests, 1480 bytes James Lohman (Feb 10)
- twinkie Vasiliy Kuznetsov (Feb 15)
- Re: twinkie Przemyslaw Frasunek (Feb 16)
- Re: twinkie Pavel Kankovsky (Feb 17)
- Re: echo requests, 1480 bytes Przemyslaw Frasunek (Feb 15)
- Re: echo requests, 1480 bytes Ron Gula (Feb 11)
- Re: echo requests, 1480 bytes Omachonu Ogali (Feb 15)
- Re: echo requests, 1480 bytes Donald McLachlan (Feb 16)
- Re: echo requests, 1480 bytes Mixmaster (Feb 19)
- Re: echo requests, 1480 bytes Fengor Wolfsclaw (Feb 22)
- Ports 41508, 41524 & 41531 Aronius, Joakim (Feb 09)