Security Incidents mailing list archives
Re: Odd UPD scan
From: peak () ARGO TROJA MFF CUNI CZ (Pavel Kankovsky)
Date: Tue, 21 Mar 2000 10:49:12 +0100
On Mon, 20 Mar 2000, Bill Pennington wrote:
...I mean IPX/SPX and Appletalk are generally very noisy but TCP/UDP should be a bit more elegant IMHO.
This is not TCP/UDP but *NetBIOS* over TCP/UDP.
It would be intersting to find out how much bandwidth is getting chewed up at sites like yahoo.com and amazon.com. I bet it is quite a lot. Maybe ISP's should block this traffic outbound by default.
I think that would go a long way it combating this bandwitdh hog/security risk.
I have to ask myself what would happen if I sent a bogus reply instead of dropping the request on the floor. Could I make the client go down in flames (or something worse)? (Q for VULN-DEV?) If yes, there would be a strong incentive to get rid of this braindead feature. ;) --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] "Resistance is futile. Open your source code and prepare for assimilation."
Current thread:
- Odd UPD scan David Meissner (Mar 15)
- Re: Odd UPD scan Bill Pennington (Mar 16)
- Re: Odd UPD scan Graeme Fowler (Mar 20)
- Re: Odd UPD scan Grzegorz Janoszka (Mar 17)
- <Possible follow-ups>
- Re: Odd UPD scan Randy Mclean (Mar 17)
- Re: Odd UPD scan Rainer Weikusat (Mar 17)
- Re: Odd UPD scan Bill Pennington (Mar 20)
- Re: Odd UPD scan Pavel Kankovsky (Mar 21)
- NetBIOS info Robert Graham (Mar 21)
- Re: NetBIOS info Bill Pennington (Mar 22)
- Strange probe Stuart Staniford-Chen (Mar 24)
- Re: NetBIOS info Robert Graham (Mar 27)
- Syn scans to 4045 Joey McAlerney (Mar 27)
- Re: Odd UPD scan Bill Pennington (Mar 16)