Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

New ICMP scanning tool out?
From: James Lay <jlay () ameriben com>
Date: Mon, 29 Nov 2004 12:54:32 -0700

Hrmmm...just starting to see a LOT of these today:

Nov 29 12:40:12 ns1 snort: [1:0:0] IDS171/icmp_ping zeros [Classification:
information gathering attempt] [Priority: 8]: {ICMP} 66.179.172.254 ->
24.116.*.*
Nov 29 12:40:12 ns1 snort: [1:384:4] ICMP PING [Classification: Misc
activity] [Priority: 3]: {ICMP} 66.179.172.254 -> 24.116.*.*
Nov 29 12:40:12 ns1 snort: [1:499:3] ICMP Large ICMP Packet [Classification:
Potentially Bad Traffic] [Priority: 2]: {ICMP} 66.179.172.254 -> 24.116.*.*

It's always the same...a tripple wammie combo in the same order....any hint
as to what app/trojan/whatever this may be?

James Lay
Network Manager/Security Officer
AmeriBen Solutions/IEC Group
Semper Vigilans!!!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
  • New ICMP scanning tool out? James Lay (Nov 29)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]