Full Disclosure mailing list archives

RE: shout out 4 ...


From: "Schmehl, Paul L" <pauls () utdallas edu>
Date: Tue, 23 Sep 2003 10:01:51 -0500

-----Original Message-----
From: Ferris, Robin [mailto:R.Ferris () napier ac uk] 
Sent: Tuesday, September 23, 2003 6:18 AM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] shout out 4 ...

I'm looking for a detailed sniffer analysis of nachia, 
I had watched the info flow through this list when it 
first appeared. However someone has just asked for 
some help but specifically from the detailed network 
sniffer side of things. 

Things like packet sizes, frequency of scans, scan 
patterns etc etc

Put an unpatched Win2k box on the Internet.  Wait five minutes.  Take it
off the Internet (please!) and connect it to a box running ethereal and
capture the packets.  Very simple.

The packets are 92 bytes with a 64 byte payload.  ICMP type 8, code 0.
They scan networks sequentially (1,2,3,4,etc.).

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
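
The traffic profile given in the reply above (ICMP type 8, code 0, 92 bytes with a 64-byte payload, sequential targets) can be turned into a capture filter for defenders. This is an added example, not part of the original message; it assumes "92 bytes" means the IPv4 total length (20 + 8 + 64) and that "sequentially" means consecutive destination addresses. The `MIN_RUN` threshold and the `build_echo` helper are hypothetical.

```python
import socket, struct
from collections import defaultdict

IP_TOTAL_LEN = 92      # "92 bytes", read as IPv4 total length (assumption)
ICMP_PAYLOAD_LEN = 64  # "64 byte payload"
MIN_RUN = 4            # hypothetical threshold of consecutive targets

def parse_probe(pkt):
    """Return (src, dst) as ints for an IPv4 ICMP type 8/code 0 packet with
    the sizes given in the post, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or pkt[9] != 1 or total_len != IP_TOTAL_LEN or len(pkt) < total_len:
        return None
    icmp = pkt[ihl:total_len]
    if len(icmp) != 8 + ICMP_PAYLOAD_LEN or icmp[0] != 8 or icmp[1] != 0:
        return None
    return struct.unpack("!II", pkt[12:20])

def sequential_scanners(packets, min_run=MIN_RUN):
    """Map source IP -> longest run of consecutive destination addresses,
    for sources whose matching probes reach min_run."""
    targets = defaultdict(set)
    for pkt in packets:
        hit = parse_probe(pkt)
        if hit:
            targets[hit[0]].add(hit[1])
    flagged = {}
    for src, dsts in targets.items():
        best = run = 0
        prev = None
        for d in sorted(dsts):
            run = run + 1 if prev is not None and d == prev + 1 else 1
            best, prev = max(best, run), d
        if best >= min_run:
            flagged[socket.inet_ntoa(struct.pack("!I", src))] = best
    return flagged

def build_echo(src, dst, payload_len=64, icmp_type=8):
    """Constructed test packet; checksums are left zero and not checked."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + payload_len, 0, 0, 128, 1, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1) + bytes(payload_len)

# Constructed sample traffic (documentation address ranges).
SAMPLE = [build_echo("192.0.2.10", f"198.51.100.{i}") for i in range(1, 7)]
SAMPLE.append(build_echo("192.0.2.20", "198.51.100.9", payload_len=32))
SAMPLE.append(build_echo("192.0.2.30", "198.51.100.1", icmp_type=0))
```

Feed `sequential_scanners` raw IPv4 packets (link-layer header stripped) from a capture; size alone will also match any other tool that sends 64-byte echo payloads, which is why the sequential-run check is applied on top.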

