Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

ICMP messages - Scan or exploit attempt?
From: "Compra, Fred" <fredco () HUSHMAIL COM>
Date: Mon, 11 Sep 2000 03:15:01 +0000
I checked the logs on my masquerading Linux box a while ago to find that
ippl had logged some "ippl: ICMP message type destination unreachable -
bad host from xxx.xxx.xxx.xxx" messages with plenty of "last message repeated
xx times" following them.  (The x'd out IP address is the external interface
on the box.)

I saw no other connection attempts during this time, but I wasn't logging
UDP, only TCP and ICMP. Could these messages be the result of a UDP scan
of some sort, or even an attempt to exploit the Linux UDP masquerading vulnerability?
(Does anyone know if this has been fixed?)

Thanks to all,
Fred

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]