Security Incidents mailing list archives
Re: ddos-stacheldraht server-spoof alerts ( Was: What is this?)
From: Jacek Lipkowski <sq5bpf () ACID CH PW EDU PL>
Date: Thu, 15 Feb 2001 09:00:47 +0100
On Wed, 14 Feb 2001, Rod Longanilla wrote:
I'm still watching and recording the alerts until it can be absolutely proven these particular alerts are just false positives. So if anyone has further information what can possibly be generating these, please post/reply.
i'm also getting alot of packets with icmp id 666 (and others). most of them have no payload. i've traced some of them to imesh (something similar to napster - chech www.imesh.com). almost all packets are from dialups, some of them come from unix boxes (but their ttl is one hop smaller than the ttl of these boxes, so these are probably from machines behind these boxes). jacek
Current thread:
- What is this? Simeon Johnston (Feb 14)
- Re: What is this? Max Gribov (Feb 14)
- Re: What is this? Andreas Östling (Feb 14)
- ddos-stacheldraht server-spoof alerts ( Was: What is this?) Rod Longanilla (Feb 14)
- Re: ddos-stacheldraht server-spoof alerts ( Was: What is this?) Jacek Lipkowski (Feb 15)
- Re: ddos-stacheldraht server-spoof alerts ( Was: What is this?) Stephen P. Berry (Feb 16)
- [no subject] Osvaldo J. Filho (Feb 16)
- Re: ddos-stacheldraht server-spoof alerts ( Was: What is this?) Daniel Keisling (Feb 16)
- Re: What is this? Andreas Östling (Feb 14)
- Re: What is this? Max Gribov (Feb 14)
- Re: What is this? Simeon Johnston (Feb 15)