|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Sparse ICMP/ACK Scans to Broadcast Addresses
From: Granquist, Lamont (lamont
ICOPYRIGHT.COM)Date: Sun May 07 2000 - 19:48:58 CDT
- Next message: Robert Graham: "Re: odd message showing up logs..."
- Previous message: Filip M. Gieszczykiewicz: "Re: Analysis: AboveNet attacks"
- In reply to: Stephen P. Berry: "Sparse ICMP/ACK Scans to Broadcast Addresses"
- Next in thread: Stephen P. Berry: "Re: Sparse ICMP/ACK Scans to Broadcast Addresses"
- Reply: Granquist, Lamont: "Re: Sparse ICMP/ACK Scans to Broadcast Addresses"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Fri, 5 May 2000, Stephen P. Berry wrote:
> Over the past couple days, I've noticed an odd traffic pattern which
> I haven't observed previously. The pattern consists of two flavours
> of traffic:
>
> -An ICMP_ECHO_REQUEST
> -An ACK
That's an ACK ping, to detect machines that packet filter ICMP. NMAP is
one scanner that will do these kinds of scans. I'm not up-to-date on DoS
technology -- is there a DoS tool out there that does TCP smurfs?
- Next message: Robert Graham: "Re: odd message showing up logs..."
- Previous message: Filip M. Gieszczykiewicz: "Re: Analysis: AboveNet attacks"
- In reply to: Stephen P. Berry: "Sparse ICMP/ACK Scans to Broadcast Addresses"
- Next in thread: Stephen P. Berry: "Re: Sparse ICMP/ACK Scans to Broadcast Addresses"
- Reply: Granquist, Lamont: "Re: Sparse ICMP/ACK Scans to Broadcast Addresses"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]