
Re: Strange Large ICMP packets IDS246



On Mon, Nov 18, 2002 at 11:54:01PM +0100, Marcel Weber wrote:
> Hi
> 
> Today I had a whole bunch of large ICMP packets on the company's LAN 
> (about 20).
> Interesting is, that they came mostly from the Windows 2000 Servers. I
> discovered the first of these packets 2 or 3 weeks ago.
> 
> These packets are long (2090 Bytes) and not filled with nulls, but with
> more or less weird content. They have no "Don't fragment" flags set, so I
> wonder where they come from and what they are good for.
> 
> Has anybody seen such packets yet? (See attachment)
> 
> Regards
> 
> Marcel

It seems to me like tunnelling something inside the ICMP protocol. And that
JFIF - isn't something similar in JPEG headers? Aren't these Win2000
servers hacked? Just an idea :)

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Arne Rusek                                                 <zonk@yo.cz>
Phone:                                                    +420732673195
-----------------------------------------------------------------------
*** Take back the Net! http://www.anti-dmca.org
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
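A defender's triage of the kind of packet discussed in this thread, as an added example that is not part of the original posts: it parses a raw (reassembled) IPv4/ICMP datagram and reports the payload size, the Don't Fragment flag, and any embedded file-format markers such as JFIF. The function names, the size threshold and the sample packet are assumptions constructed for illustration.

```python
import struct

# File-format markers to look for inside an ICMP payload (JFIF is the one named in the thread).
MAGICS = {b"JFIF": "JPEG/JFIF", b"\x89PNG\r\n": "PNG", b"PK\x03\x04": "ZIP"}
LARGE_PAYLOAD = 1024  # assumed threshold in bytes; tune to the local baseline

def inspect_icmp(ip_packet: bytes) -> dict:
    """Parse a reassembled IPv4 datagram carrying ICMP and return triage facts."""
    if len(ip_packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, flags_frag, _ttl, proto = struct.unpack(
        "!BBHHHBB", ip_packet[:10])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or proto != 1:
        raise ValueError("not an IPv4 ICMP packet")
    if flags_frag & 0x1FFF:
        raise ValueError("non-first fragment: reassemble before inspecting")
    if len(ip_packet) < ihl + 8:
        raise ValueError("truncated ICMP header")
    payload = ip_packet[ihl + 8:total_len]  # skip the 8-byte ICMP header
    found = sorted(name for magic, name in MAGICS.items() if magic in payload)
    large = len(payload) > LARGE_PAYLOAD
    return {
        "icmp_type": ip_packet[ihl],
        "payload_len": len(payload),
        "dont_fragment": bool(flags_frag & 0x4000),
        "large": large,
        "embedded_formats": found,
        "needs_review": large and bool(found),
    }

def build_sample(payload: bytes, df: bool = False) -> bytes:
    """Constructed test packet: IPv4 header + ICMP echo request (checksums left at zero)."""
    total = 20 + 8 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 1, 0x4000 if df else 0,
                     128, 1, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1)  # type 8 = echo request
    return ip + icmp + payload

if __name__ == "__main__":
    # Constructed payload: a JFIF-style header followed by filler, 2090 bytes on the wire.
    head = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"
    big = build_sample(head + b"\xa5" * (2062 - len(head)))
    small = build_sample(b"abcdefghijklmnopqrstuvwabcdefghi")
    for name, pkt in (("large", big), ("ordinary ping", small)):
        print(name, inspect_icmp(pkt))
```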


