Security Incidents mailing list archives
Re: Unusual ICMP Traffic
From: Gary Flynn <flynngn () jmu edu>
Date: Tue, 22 Oct 2002 21:59:38 -0400
jeff () thepostmaster net wrote:
Has anyone seen this type of ICMP traffic?
No, but I'm going to start looking ASAP. A google search on revconnecttome turned up some interesting hits: From: http://www.lwave.ca/DCHub/protocol.html $RevConnectToMe A passive client may send this to cause a peer to send a $ConnectToMe back.$RevConnectToMe <nick> <remoteNick>
* <nick> is the sender of the message. * <remoteNick> is the user which should send to $ConnectToMe.The server must send this message unmodified to <remoteNick>. If <remoteNick> is an active client, it must send a $ConnectToMe to <nick>. If not, it must ignore the message.
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service.For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Unusual ICMP Traffic jeff (Oct 22)
- Re: Unusual ICMP Traffic Brett Glass (Oct 22)
- Re: Unusual ICMP Traffic Gary Flynn (Oct 22)