Security Incidents mailing list archives
Re: ICMP Destination Unreachable, Administratively Prohibited
From: Valdis.Kletnieks () vt edu
Date: Fri, 14 Feb 2003 11:11:35 -0500
On Thu, 13 Feb 2003 18:26:46 EST, Chris Brenton said:
> If other source IPs were used, it may not have come from your network. If your IP address space was the only thing spoofed, the attacker would need to sniff the replies somehow, which implies they own one of your boxes or possibly a box upstream.
Or the attacker was a script kiddie who didn't understand how to use the tool he had. ;) (Maybe I'm just jaded - the last intrusion I had to work, I discovered that the first thing the intruder did was try to craft a backdoor. The first attempt didn't even hit the right file because they couldn't type, and the second attempt broke things so badly that not only did their backdoor not work, but neither did the original exploit they rode in on.. ;) Sometimes the data makes a LOT more sense if you analyze it while thinking "What if the Three Stooges were hackers?"..... :)
Current thread:
- ICMP Destination Unreachable, Administratively Prohibited Neil Dickey (Feb 13)
- Re: ICMP Destination Unreachable, Administratively Prohibited Chris Brenton (Feb 13)
- Re: ICMP Destination Unreachable, Administratively Prohibited Anthony Kim (Feb 14)
- Re: ICMP Destination Unreachable, Administratively Prohibited Valdis . Kletnieks (Feb 14)
- Re: ICMP Destination Unreachable, Administratively Prohibited Russell Fulton (Feb 13)
- Re: ICMP Destination Unreachable, Administratively Prohibited Anders Thulin (Feb 14)
- Re: ICMP Destination Unreachable, Administratively Prohibited Chris Brenton (Feb 13)