-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > The interesting part is that there was a massive amount of destination > unreachable traffic coming into the network with NO originating > echo-request. Let me rephrase... I looked at one of the addresses that > was sending dest-unreachable packets... there was no originating or > corresponding echo-request to that IP address. For that matter, there > was no traffic initiated on my side to that address whatsoever. > > The question now becomes... what exposure does this give me? What can be > gleaned from and ICMP dest-unreachable request? Are you able to map my > entire network using this technique? Enumeration only? Is there a > vulnerability out there using this technique? It makes sense to assume that your IP address was used as a decoy in a scan using spoofed addresses. The target of the scan returned the error to the address that it thinks was the originator. An icmp error can't be used in a scan because a host/router is not supposed to respond to an ICMP error message. -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> Comment: Making the world safe for geeks. iQA/AwUBO1eklsAVSpfzXItKEQI7OACgreMygmXqb6gVs3S2a3RqsVrTIQkAoJYg TQR3n2icRg772qnIHfAx7+v+ =TRS2 -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Jul 19 2001 - 23:32:06 PDT