Snort mailing list archives

Strange ICMP packets from windows machines

From: Juergen Schmidt <ju () ct heise de>
Date: Tue, 19 Nov 2002 12:13:30 +0100 (MET)

Hello,

I got two independent reports, about Windows machines sending large ICMP
echo requests. The weird thing about them is, that they seem to contain a
JPEG image with a microsoft logo as payload (fragmented over two packets)

The packet characteristics are: ICMP, Type 0 (echo request), size > 2000
Byte

One report can be found at: http://www.wfu.edu/~steinsj5/work/icmp.html

I haven't seen those packets myself yet.
Has anybody else observed something similar?

thanks in advance, juergen

-- 
Juergen Schmidt   Leitender Redakteur/senior editor  c't magazin
Heise Zeitschriften Verlag,  Helstorferstr. 7,  D-30625 Hannover
Tel. +49 511 5352 300 FAX +49 511 5352 417  EMail ju () ct heise de




-------------------------------------------------------
This sf.net email is sponsored by: To learn the basics of securing 
your web site with SSL, click here to get a FREE TRIAL of a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Strange ICMP packets from windows machines Juergen Schmidt (Nov 19)
- <Possible follow-ups>
- RE: Strange ICMP packets from windows machines larosa, vjay (Nov 19)