Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: ICMP Destination Unreachable Port Unreachable

From: "Peter Dawson" <slash.pd () gmail com>
Date: Tue, 15 Aug 2006 15:13:27 -0400
for an instance, I thought it was a ping sweep varition in occurance.. snort
logs s/have some more info .. were the src and dst  IP's random or static..
?

On 8/15/06, Richard Bejtlich <taosecurity () gmail com> wrote:


Adriel T. Desautels wrote:
>
> Hi List,
> I've been receiving this traffic for a while from the same IP address.
Does anyone \
> have any idea what type of traffic this might be. Neither the source IP
or the target \
> IP have any ports associated with them in this event. Any ideas would be
appreciated. \

Hello,

Looking at the presumed ICMP payload you posted, and starting with
0x45, you have a UDP packet from 70.91.131.49:16229 to
82.246.252.214:2597.

I decoded this quickly -- someone feel free to correct me if I'm wrong.

Nothing appears to be listening on port 2597 UDP, so you are seeing a
"ICMP Destination Unreachable Port Unreachable" ICMP error message.

Your IDS is not reporting ports because ICMP doesn't use ports.

Sincerely,

Richard
http://taosecurity.blogspot.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/





--
http://peterdawson.typepad.com
PeterDawson Home of ThoughtFlickr's
"This message is printed on Recycled Electrons."

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: