Security Incidents mailing list archives
Strange ICMP timestamp replies
From: Florian Weimer <Florian.Weimer () RUS UNI-STUTTGART DE>
Date: Tue, 16 Jan 2001 13:51:41 +0100
We have observed some strange network packets: 08:42:45; DENY; icmp; $SOURCE1; 14 (); $DEST.23; 0 (); 08:46:55; DENY; icmp; $SOURCE1; 14 (); $DEST.18; 0 (); 08:41:26; DENY; icmp; $SOURCE1; 14 (); $DEST.99; 0 (); 08:46:53; DENY; icmp; $SOURCE1; 14 (); $DEST.18; 0 (); 19:18:49; DENY; icmp; $SOURCE2; 14 (); $DEST.21; 0 (); ($DEST.* is in our network.) These are ICMP timestamp replies, I think. Does anybody know why somebody sends such packets? You can hardly do OS fingerprinting using ICMP timestamp replies. Is there any DoS attack involving spoofed ICMP timestamp requests (so that we're getting the answers of the victim)? -- Florian Weimer Florian.Weimer () RUS Uni-Stuttgart DE University of Stuttgart http://cert.uni-stuttgart.de/ RUS-CERT +49-711-685-5973/fax +49-711-685-5898
Current thread:
- Strange ICMP timestamp replies Florian Weimer (Jan 16)
- Re: Strange ICMP timestamp replies Jose Nazario (Jan 16)
- Message not available
- Re: Strange ICMP timestamp replies Florian Weimer (Jan 16)