Security Incidents mailing list archives

Re: ICMP Destination Unreachable, Administratively Prohibited


From: Valdis.Kletnieks () vt edu
Date: Fri, 14 Feb 2003 11:11:35 -0500

On Thu, 13 Feb 2003 18:26:46 EST, Chris Brenton said:

> If other source IPs were used, it may not have come from your network.
> If your IP address space was the only thing spoofed, the attacker would
> need to sniff the replies somehow, which implies they own one of your
> boxes or possibly a box upstream.

Or the attacker was a script kiddie who didn't understand how to use the
tool he had. ;)

(Maybe I'm just jaded - the last intrusion I had to work, I discovered that
the first thing the intruder did was try to craft a backdoor.  The first
attempt didn't even hit the right file because they couldn't type, and the
second attempt broke things so badly that not only did their backdoor not
work, but neither did the original exploit they rode in on.. ;)

Sometimes the data makes a LOT more sense if you analyze it while thinking
"What if the Three Stooges were hackers?"..... :)
