Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

strange ICMP REPLY

From: "zmaster zhang" <zmaster_zhang () operamail com>
Date: Fri, 16 Jan 2004 10:36:11 +0800
Hi all!

there are some thing strange in my computer.
My OS is winXP, useing ADSL connect to internet. ONLY  connect to the internet XP send ICMP ECHO REPLY packet to the 
same IP every minute, and no ECHO REQUEST received.
The first of two ICMP datas is different from others but they have common ground. The "ZHANGHONGH" is my computer name 
and the others is like MAC.

What's it? back door? or some reason from ADSL modem?
sorry for my poor english!

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

01/15-21:32:44.278561 0:10:B2:4C:77:A1 -> 0:E0:FC:17:B:6 type:0x8864 len:0x68
61.149.65.136 -> 61.131.96.53 ICMP TTL:128 TOS:0x0 ID:358 IpLen:20 DgmLen:82
Type:0  Code:0  ID:0  Seq:0  ECHO REPLY
00 00 FE FF 30 33 3A 30 35 3A 30 36 3A 31 33 3A  ....03:05:06:13:
30 30 3A 34 37 09 5A 48 41 4E 47 48 4F 4E 47 48  00:47.ZHANGHONGH
41 49 09 57 68 69 73 74 6C 65 72 09 31 2E 30 09  AI.Whistler.1.0.
41 31 30 30 30 09                                A1000.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

01/15-21:33:44.284832 0:10:B2:4C:77:A1 -> 0:E0:FC:17:B:6 type:0x8864 len:0x68
61.149.65.136 -> 61.131.96.53 ICMP TTL:128 TOS:0x0 ID:362 IpLen:20 DgmLen:82
Type:0  Code:0  ID:0  Seq:0  ECHO REPLY
00 00 FE FF 30 33 3A 30 35 3A 30 36 3A 31 33 3A  ....03:05:06:13:
30 30 3A 34 37 09 5A 48 41 4E 47 48 4F 4E 47 48  00:47.ZHANGHONGH
41 49 09 57 68 69 73 74 6C 65 72 09 31 2E 30 09  AI.Whistler.1.0.
41 31 30 30 30 09                                A1000.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

01/15-21:34:44.291123 0:10:B2:4C:77:A1 -> 0:E0:FC:17:B:6 type:0x8864 len:0x48
61.149.65.136 -> 61.131.96.53 ICMP TTL:128 TOS:0x0 ID:373 IpLen:20 DgmLen:50
Type:0  Code:0  ID:0  Seq:0  ECHO REPLY
00 00 FE FF 30 33 3A 30 35 3A 30 36 3A 31 33 3A  ....03:05:06:13:
30 30 3A 34 37 09                                00:47.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

01/15-21:35:44.297269 0:10:B2:4C:77:A1 -> 0:E0:FC:17:B:6 type:0x8864 len:0x48
61.149.65.136 -> 61.131.96.53 ICMP TTL:128 TOS:0x0 ID:400 IpLen:20 DgmLen:50
Type:0  Code:0  ID:0  Seq:0  ECHO REPLY
00 00 FE FF 30 33 3A 30 35 3A 30 36 3A 31 33 3A  ....03:05:06:13:
30 30 3A 34 37 09                                00:47.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 
-- 
___________________________________________________
Check out the latest SMS services @ http://www.operamail.com, which allows you to send SMS through your mailbox.

Powered by Outblaze

---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any 
course! All of our class sizes are guaranteed to be 10 students or less. 
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, 
and many other technical hands on courses. 
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off 
any course!  
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: