
Re: Strange Large ICMP packets IDS246




Hi

I'm already calmer now. Apparently I am not the only one with this "problem".
It seems that the "hacker" is Microsoft.

http://www.wfu.edu/~steinsj5/work/icmp.html

I'm going to ask their support what these packages are good for. By the way, if
somebody already knows, I would appreciate it.

Regards

Marcel



Arne Rusek wrote:
| On Mon, Nov 18, 2002 at 11:54:01PM +0100, Marcel Weber wrote:
|
|>Hi
|>
|>Today I had a whole bunch of large ICMP packages on the company's LAN
|>(about 20).
|>Interesting is, that they came mostly from the Windows 2000 Servers. I
|>discovered the first of these packages 2 or 3 weeks ago.
|>
|>These packets are long (2090 Bytes) and not filled with nulls, but with
|>more or less weird content. They have no "Don't fragment" flags set, so I
|>wonder where they come from and what they are good for.
|>
|>Has anybody seen such packets yet? (See attachment)
|>
|>Regards
|>
|>Marcel
|
|
| It seems to me like tunnelling something inside ICMP protocol. And that
| JFIF - isn't something similar in JPEG headers? Aren't these Win2000
| servers hacked? Just an idea :)
|




