Re: Hacked - is it my turn? - interesting
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Greetings Rolf,
On Tue, 03 Feb 2004 at 06:11:34PM -0500, Rolf Kutz wrote:
> > TCP-Reset..I know. I am not one that enjoys people breaking RFCs, but
> > in this case it does make *some* sense. If someone is randomly port
> > scanning class C's and they hit your IP, get no response from an ICMP
> > (1) echo-request (8) and then try a few ports and get no TCP-Resets,
> > they are likely to think you are a dead IP[1].
>
> You would get an ICMP host-unreachable from the
> last router in that case.
I don't believe this is always the case.
plhofmei@Oneil:~$ sudo hping 63.165.217.29 -S -p 80
Enter password for SUDO:
HPING 63.165.217.29 (eth0 63.165.217.29): S set, 40 headers + 0 data bytes
- --- 63.165.217.29 hping statistic ---
56 packets tramitted, 0 packets received, 100% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms
plhofmei@Oneil:~$ ping 63.165.217.29
PING 63.165.217.29 (63.165.217.29): 56 data bytes
- --- 63.165.217.29 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss
I KNOW that IP address is currently not in service (I am the network
admin).
I also did a tcpdump (in the case hping did not report ICMP
host-unreachable received). No ICMP packets were seen...
It may be the RFC specification that an ICMP host-unreachable be sent,
but in practice this is nowhere near always the case.
Note: The last router is a Cisco router maintained by an ISP. No, I am
not on the same subnet as 63.165.219.29.
Take care,
- --
Phillip Hofmeister
PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.asc | gpg --import
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFAIDPyS3Jybf3L5MQRAns7AJ9sAkTwrpyUyXpVq80KaBE4jNK21QCgktRB
hQqMg9NdcAjWBX/BMOutGIQ=
=HlvF
-----END PGP SIGNATURE-----
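Added example, not part of the original message: a Python check of the kind of capture described above, classifying what tcpdump text shows coming back for a probed address, so an admin can see whether a drop-everything host looks the same from outside as an unused address on the same network. The capture lines, the documentation-range addresses and the function names are all constructed for illustration.

```python
import re

# Constructed `tcpdump -n` lines (documentation addresses, not real captures).
SAMPLE_SILENT = """\
12:00:01.000001 IP 192.0.2.10.2345 > 203.0.113.29.80: Flags [S], seq 1, win 512, length 0
12:00:02.000001 IP 192.0.2.10.2346 > 203.0.113.29.80: Flags [S], seq 2, win 512, length 0
"""
SAMPLE_ROUTER = SAMPLE_SILENT + """\
12:00:02.040000 IP 198.51.100.1 > 192.0.2.10: ICMP host 203.0.113.29 unreachable, length 36
"""
SAMPLE_RESET = SAMPLE_SILENT + """\
12:00:02.030000 IP 203.0.113.29.80 > 192.0.2.10.2346: Flags [R.], seq 0, ack 3, win 0, length 0
"""

# "IP <router> > <prober>: ICMP host|net <addr> unreachable"
ICMP_RE = re.compile(r" IP (\S+) > \S+: ICMP (?:host|net) (\S+) unreachable")
# "IP <a.b.c.d>.<port> > ...: Flags [<flags>]"
TCP_RE = re.compile(r" IP (\d+\.\d+\.\d+\.\d+)\.\d+ > \S+: Flags \[([^\]]+)\]")


def classify(capture, target):
    """Return what the capture shows coming back about `target`."""
    verdict = "silent"  # nothing seen unless a line below says otherwise
    for line in capture.splitlines():
        m = ICMP_RE.search(line)
        if m and m.group(2) == target:
            # A router answered on the target's behalf.
            return "icmp-unreachable from " + m.group(1)
        m = TCP_RE.search(line)
        if m and m.group(1) == target:
            # The target itself answered; an R flag means a TCP reset.
            verdict = "tcp-reset" if "R" in m.group(2) else "tcp-reply"
    return verdict


def blends_in(host_verdict, unused_verdict):
    """A silent host hides only if an unused address looks the same."""
    return host_verdict.split(" ")[0] == unused_verdict.split(" ")[0]


if __name__ == "__main__":
    for name, cap in [("silent", SAMPLE_SILENT), ("router", SAMPLE_ROUTER),
                      ("reset", SAMPLE_RESET)]:
        print(name, "->", classify(cap, "203.0.113.29"))
```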