Does anyone know of an application/tool/malware that sends the following type of traffic to the broadcast address:

- echo requests with the payload "Hello, is anybody home?"
- udp/7 (echo) datagrams with the same payload

04:52:52.343680 172.16.0.250 > 255.255.255.255: icmp: echo request (ttl 2, id 6089, len 52)
0x0000   4500 0034 17c9 0000 0201 f3f6 ac10 00fa   E..4............
0x0010   ffff ffff 0800 5084 0000 17c9 4865 6c6c   ......P.....Hell
0x0020   6f2c 2069 7320 616e 7962 6f64 7920 686f   o,.is.anybody.ho
0x0030   6d65 3f00                                 me?.

04:52:54.188615 172.16.0.250.35072 > 255.255.255.255.7: [no cksum] udp 24 (ttl 2, id 6090, len 52)
0x0000   4500 0034 17ca 0000 0211 f3e5 ac10 00fa   E..4............
0x0010   ffff ffff 8900 0007 0020 0000 4865 6c6c   ............Hell
0x0020   6f2c 2069 7320 616e 7962 6f64 7920 686f   o,.is.anybody.ho
0x0030   6d65 3f00                                 me?.

Wim

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
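
A way to flag this traffic in other captures, given as an added example that is not part of the original post: the function below parses a raw IPv4 packet and matches ICMP echo requests or udp/7 datagrams sent to 255.255.255.255 with the quoted payload. The two byte strings are transcribed from the hex dumps above; the function and constant names are made up for this example.

```python
import socket
import struct

PROBE = b"Hello, is anybody home?"
LIMITED_BROADCAST = "255.255.255.255"

# The two packets from the post, transcribed from its tcpdump hex output.
ICMP_PKT = bytes.fromhex(
    "4500003417c900000201f3f6ac1000faffffffff"          # IPv4 header
    "08005084000017c9"                                  # ICMP header
    "48656c6c6f2c20697320616e79626f647920686f6d653f00")  # payload
UDP_PKT = bytes.fromhex(
    "4500003417ca00000211f3e5ac1000faffffffff"          # IPv4 header
    "8900000700200000"                                  # UDP header
    "48656c6c6f2c20697320616e79626f647920686f6d653f00")  # payload


def classify(pkt):
    """Return details of a matching probe packet, or None if no match."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None                      # too short or not IPv4
    ihl = (pkt[0] & 0x0F) * 4            # header length in bytes
    (total_len,) = struct.unpack("!H", pkt[2:4])
    if ihl < 20 or total_len < ihl or len(pkt) < total_len:
        return None                      # malformed or truncated
    ttl, proto = pkt[8], pkt[9]
    src = socket.inet_ntoa(pkt[12:16])
    dst = socket.inet_ntoa(pkt[16:20])
    l4 = pkt[ihl:total_len]
    # ICMP echo and UDP headers are both 8 bytes long.
    if dst != LIMITED_BROADCAST or len(l4) < 8:
        return None
    if proto == 1 and l4[0] == 8 and l4[1] == 0:
        kind = "icmp-echo"               # ICMP type 8, code 0
    elif proto == 17 and struct.unpack("!H", l4[2:4])[0] == 7:
        kind = "udp-echo"                # UDP destination port 7
    else:
        return None
    # The captured payload carries a trailing NUL after the text.
    if l4[8:].rstrip(b"\x00") != PROBE:
        return None
    return {"kind": kind, "src": src, "ttl": ttl}


if __name__ == "__main__":
    for name, pkt in (("icmp", ICMP_PKT), ("udp", UDP_PKT)):
        print(name, classify(pkt))
```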
This archive was generated by hypermail 2b30 : Sat Jan 25 2003 - 06:32:31 PST