Security Incidents mailing list archives

Re: ddos-stacheldraht server-spoof alerts ( Was: What is this?)


From: Jacek Lipkowski <sq5bpf () ACID CH PW EDU PL>
Date: Thu, 15 Feb 2001 09:00:47 +0100

On Wed, 14 Feb 2001, Rod Longanilla wrote:

I'm still watching and recording the alerts until it can be absolutely
proven these particular alerts are just false positives.  So if anyone has
further information on what can possibly be generating these, please
post/reply.

i'm also getting a lot of packets with icmp id 666 (and others). most of
them have no payload. i've traced some of them to imesh (something similar
to napster - check www.imesh.com). almost all packets are from dialups,
some of them come from unix boxes (but their ttl is one hop smaller than
the ttl of these boxes, so these are probably from machines behind these
boxes).

jacek
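
The triage described in the message above (ICMP id 666, empty payload, TTL one lower than the apparent source's own), as an added example that is not part of the original post. The function names, the list of common initial TTLs and the sample packet are assumptions constructed for illustration.

```python
import struct

INITIAL_TTLS = (32, 64, 128, 255)  # common OS default TTLs (assumption)

def parse_icmp_echo(pkt: bytes) -> dict:
    """Extract the fields discussed above from a raw IPv4/ICMP echo packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 1:
        raise ValueError("not IPv4/ICMP")
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or len(pkt) < ihl + 8 or total_len < ihl + 8:
        raise ValueError("truncated ICMP header")
    icmp_type, _code, _csum, icmp_id, _seq = struct.unpack("!BBHHH", pkt[ihl:ihl + 8])
    if icmp_type not in (0, 8):  # only echo reply / echo request carry an identifier here
        raise ValueError("ICMP type has no identifier field")
    ttl = pkt[8]
    return {
        "src": ".".join(map(str, pkt[12:16])),
        "ttl": ttl,
        # hops travelled, guessed from the nearest common initial TTL at or above the observed one
        "est_hops": min(t for t in INITIAL_TTLS if t >= ttl) - ttl,
        "type": icmp_type,
        "id": icmp_id,
        # use the IP total length so link-layer padding is not counted as payload
        "payload_len": len(pkt[ihl + 8:total_len]),
    }

def triage(pkt: bytes, baseline_ttl=None) -> list:
    """baseline_ttl: TTL seen on traffic known to originate on the source box itself."""
    f = parse_icmp_echo(pkt)
    notes = []
    if f["id"] == 666:
        notes.append("icmp-id-666")
    if f["payload_len"] == 0:
        notes.append("empty-payload")
    if baseline_ttl is not None and f["ttl"] == baseline_ttl - 1:
        notes.append("one-hop-behind-source")  # likely a machine behind that box
    return notes

def build_sample(src: str, ttl: int, icmp_id: int, payload: bytes = b"") -> bytes:
    """Constructed test packet (checksums left at zero; not captured traffic)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, ttl, 1, 0,
                     bytes(map(int, src.split("."))), bytes([192, 0, 2, 1]))
    return ip + struct.pack("!BBHHH", 0, 0, 0, icmp_id, 0) + payload

if __name__ == "__main__":
    print(triage(build_sample("198.51.100.7", 62, 666), baseline_ttl=63))
```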

