Full Disclosure mailing list archives
RE: shout out 4 ...
From: "Schmehl, Paul L" <pauls () utdallas edu>
Date: Tue, 23 Sep 2003 10:01:51 -0500
-----Original Message----- From: Ferris, Robin [mailto:R.Ferris () napier ac uk] Sent: Tuesday, September 23, 2003 6:18 AM To: full-disclosure () lists netsys com Subject: [Full-disclosure] shout out 4 ... im looking for a detailed sniffer analysis of nachia, I had watched theinfo flow through this list when it first appeared. However some one has just asked for some help but specifically from the detailed network sniffer side of things. Things like packet sizes, frequency of scans, scan pattersn etc etc
Put an unpatched Win2k box on the Internet. Wait five minutes. Take if off the Internet (please!) and connect it to a box running ethereal and capture the packets. Very simple. The packets are 92 bytes with a 64 byte payload. ICMP type 8, code 0. They scan networks sequentially (1,2,3,4,etc.). Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/~pauls/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- shout out 4 ... Ferris, Robin (Sep 23)
- <Possible follow-ups>
- RE: shout out 4 ... Schmehl, Paul L (Sep 23)
- RE: shout out 4 ... Ferris, Robin (Sep 24)