Re: ICMP code 3 type 2 scans?

From: Russell Fulton (r.fultonat_private)
Date: Mon Jun 04 2001 - 17:49:10 PDT

Next message: Alvin Oga: "rootkit entertainment"

Previous message: root: "Re: another rootkit - one more file (fwd)"
In reply to: Glenn Forbes Fleming Larratt: "ICMP code 3 type 2 scans?"
Next in thread: john.smith@minolta-qms.com: "RE: ICMP code 3 type 2 scans?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 4 Jun 2001 09:48:40 -0500 (CDT) Glenn Forbes Fleming Larratt 
<glrattat_private> wrote:

> Never seen these before this week, and now have two in rapid succession.
> New exploit? I *know* that my whole Class B is not banging on that
> one 24-net host, especially the unallocated subnets :|
> 

Hmmm... given the random nature or the destination addresses I would 
guess that this is the fall out from at DoS of some type where someone 
is forging your address on DoS packets. I regularly see traffic like 
this but usually code 0, 1 or 3 rather than 2.

Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand

Next message: Alvin Oga: "rootkit entertainment"
Previous message: root: "Re: another rootkit - one more file (fwd)"
In reply to: Glenn Forbes Fleming Larratt: "ICMP code 3 type 2 scans?"
Next in thread: john.smith@minolta-qms.com: "RE: ICMP code 3 type 2 scans?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jun 05 2001 - 09:43:05 PDT