Security Incidents: odd icmp broadcast scan

From: Jon Lewis <jlewis_at_LEWIS.ORG>
Date: Mon, 13 Mar 2000 01:32:30 -0500

I just found this in the packet filter logs for a client's
network I help maintain and thought it was very odd.

Mar 12 17:33:27 gw ASCEND: wan1 8/0/icmp xxx.yyy.zzz.0 <- 66.23.21.3 42 !pass (toping-1)
Mar 12 17:33:27 gw ASCEND: wan1 8/0/icmp xxx.yyy.zzz.0 <- 64.24.41.130 42 !pass (toping-1)
Mar 12 17:33:27 gw ASCEND: wan1 8/0/icmp xxx.yyy.zzz.0 <- 69.69.69.69 42 !pass (toping-1)
Mar 12 17:33:27 gw ASCEND: wan1 8/0/icmp xxx.yyy.zzz.0 <- 104.104.104.104 42 !pass (toping-1)

The second one is from (or claims to be from) a popsite.net dialup...a
frequent source of spam and perhaps hackers. The rest are all likely
forged and have source addresses in IANA reserved IP space. Anyone have
a clue what's to be gained by pinging the network address from out on
the internet using reserved block source addresses?

----------------------------------------------------------------------
 Jon Lewis *jlewis_at_lewis.org*| Spammers will be winnuked or
 System Administrator | nestea'd...whatever it takes
 Atlantic Net | to get the job done.
_________http://www.lewis.org/~jlewis/pgp for PGP public key__________
Received on Mar 14 2000
