Re: Strange Large ICMP packets IDS246
On Mon, Nov 18, 2002 at 11:54:01PM +0100, Marcel Weber wrote:
> Hi
>
> Today I had a whole bunch of large ICMP packages on the company's LAN
> (about 20).
> Interestingly, they came mostly from the Windows 2000 Servers. I
> discovered the first of these packages 2 or 3 weeks ago.
>
> These packets are long (2090 Bytes) and not filled with nulls, but with
> more or less weird content. They have no "Don't fragment" flags set, so I
> wonder where they come from and what they are good for.
>
> Has anybody seen such packets yet? (See attachment)
>
> Regards
>
> Marcel
It seems to me like tunnelling something inside the ICMP protocol. And that
JFIF - isn't something similar in JPEG headers? Aren't these Win2000
servers hacked? Just an idea :)
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Arne Rusek <zonk@yo.cz>
Phone: +420732673195
-----------------------------------------------------------------------
*** Take back the Net! http://www.anti-dmca.org
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
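
Added example, not part of the thread: a Python check that takes one reassembled IPv4 ICMP datagram and reports the two traits discussed above, an oversized payload and a JFIF marker inside it, along with the state of the Don't Fragment bit. The function names, the 128-byte threshold and both sample datagrams are assumptions constructed for illustration.

```python
import struct

JFIF_MARKER = b"JFIF\x00"   # identifier string of a JPEG/JFIF APP0 segment
MAX_NORMAL_PAYLOAD = 128    # assumed threshold; default pings carry 32-56 bytes

def inspect_icmp(datagram: bytes, max_payload: int = MAX_NORMAL_PAYLOAD) -> dict:
    """Report payload anomalies in one reassembled IPv4 ICMP datagram."""
    if len(datagram) < 20:
        raise ValueError("shorter than an IPv4 header")
    ver_ihl, _tos, total_len, _id, flags_frag, _ttl, proto = struct.unpack(
        "!BBHHHBB", datagram[:10])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or proto != 1:
        raise ValueError("not an IPv4 ICMP datagram")
    if len(datagram) < ihl + 8:
        raise ValueError("truncated ICMP header")
    # Echo request/reply carry their data after an 8-byte ICMP header.
    payload = datagram[ihl + 8:total_len]
    reasons = []
    if len(payload) > max_payload:
        reasons.append(f"payload of {len(payload)} bytes exceeds {max_payload}")
    offset = payload.find(JFIF_MARKER)
    if offset != -1:
        reasons.append(f"JFIF marker at payload offset {offset}")
    return {
        "icmp_type": datagram[ihl],
        "payload_len": len(payload),
        "dont_fragment": bool(flags_frag & 0x4000),
        "jfif_offset": offset,
        "reasons": reasons,
    }

def build_sample(payload: bytes, icmp_type: int = 8) -> bytes:
    """Constructed test datagram (checksums left at zero, RFC 5737 addresses)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 1, 0, 128, 1, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1)
    return ip + icmp + payload

# Constructed samples: a 2090-byte datagram starting with a JPEG/JFIF header,
# and the 32-byte alphabet payload that the Windows ping utility sends.
LARGE = build_sample(b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\xaa" * 2051)
NORMAL = build_sample(b"abcdefghijklmnopqrstuvwabcdefghi")

if __name__ == "__main__":
    for name, pkt in (("large", LARGE), ("normal", NORMAL)):
        print(name, inspect_icmp(pkt))
```

A non-empty `reasons` list is a prompt to look at the sending host, not proof of tunnelling.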