OSEC

From: Seth Arnold (sarnoldwirex.com)
Date: Mon Jan 28 2002 - 18:38:30 CST

    On Mon, Jan 28, 2002 at 03:55:03PM -0800, Christian, Chris wrote:

    Chris, thanks for the tcpdump output; most of the time, when I see
    packets disappear into the void like this, my first thought is
    invariably a firewall of some sort in the way that has been configured
    to drop packets, rather than send meaningful ICMP messages back.

    > The tcpdump looks like: (tcpdump -i eth0 -n | grep 10.241.60.243)
    >
    > 23:50:36.019933 < 10.241.60.243.2801 > 10.9.138.243.tftp: 25 WRQ
    > "/tftpboot/foo"
    > 23:50:36.023550 > 10.9.138.243.1040 > 10.241.60.243.2801: udp 4
    > 23:50:37.185122 > 10.9.138.243.1039 > 10.241.60.243.2801: udp 4
    > 23:50:41.015495 > 10.9.138.243.1040 > 10.241.60.243.2801: udp 4
    > 23:50:42.185594 > 10.9.138.243.1039 > 10.241.60.243.2801: udp 4
    > 23:50:46.015969 > 10.9.138.243.1040 > 10.241.60.243.2801: udp 4
    > 23:50:47.186067 > 10.9.138.243.1039 > 10.241.60.243.2801: udp 4
    > 23:50:51.016434 > 10.9.138.243.1040 > 10.241.60.243.2801: udp 4
    > 23:50:52.186543 > 10.9.138.243.1039 > 10.241.60.243.2801: udp 4
    > 23:50:56.016909 > 10.9.138.243.1040 > 10.241.60.243.2801: udp 4
    > 23:50:57.187024 > 10.9.138.243.1039 > 10.241.60.243.2801: udp 4
    > 23:51:01.017383 > 10.9.138.243.1040 > 10.241.60.243.2801: udp 4
    > 23:51:06.008939 < 10.241.60.243.2801 > 10.9.138.243.1040: udp 25
    > 23:51:11.008342 > 10.9.138.243.1040 > 10.241.60.243.2801: udp 4
    > 23:51:11.008971 < 10.241.60.243.2801 > 10.9.138.243.1040: udp 25
    > 23:51:16.008819 > 10.9.138.243.1040 > 10.241.60.243.2801: udp 4
    > 23:51:16.008920 < 10.241.60.243.2801 > 10.9.138.243.1040: udp 25
    > 23:51:21.008946 < 10.241.60.243.2801 > 10.9.138.243.1040: udp 25
    > 23:51:25.999768 > 10.9.138.243.1040 > 10.241.60.243.2801: udp 4
    > 23:51:31.000245 > 10.9.138.243.1040 > 10.241.60.243.2801: udp 4

    -- 
    "Soldiers quartered in a populous town will always occasion two mobs
    where they prevent one. They are wretched conservators of the peace."
    -- John Adams
    


    _______________________________________________ Immunix-users mailing list Immunix-usersmail.wirex.com http://mail.wirex.com/mailman/listinfo/immunix-users
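
Added example, not part of the original message: a Python tally of the quoted capture that reports each flow on which the capturing host kept sending before anything came back, which is the one-sided pattern the reply attributes to silently dropped packets. It assumes the leading `<`/`>` column marks received/sent packets; the function names are illustrative.

```python
import re
from collections import defaultdict

# Subset of the capture quoted in the message above (old Linux tcpdump format).
# Assumption: a leading "<" marks a packet the capturing host received, ">" one it sent.
CAPTURE = """\
23:50:36.019933 < 10.241.60.243.2801 > 10.9.138.243.tftp: 25 WRQ "/tftpboot/foo"
23:50:36.023550 > 10.9.138.243.1040 > 10.241.60.243.2801: udp 4
23:50:37.185122 > 10.9.138.243.1039 > 10.241.60.243.2801: udp 4
23:50:41.015495 > 10.9.138.243.1040 > 10.241.60.243.2801: udp 4
23:50:42.185594 > 10.9.138.243.1039 > 10.241.60.243.2801: udp 4
23:50:46.015969 > 10.9.138.243.1040 > 10.241.60.243.2801: udp 4
23:51:06.008939 < 10.241.60.243.2801 > 10.9.138.243.1040: udp 25
"""

LINE = re.compile(r"(\d\d):(\d\d):(\d\d\.\d+) ([<>]) (\S+) > (\S+): (.*)")

def parse(text):
    """Yield (seconds, direction, src, dst, summary) for each packet line."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            h, mi, s, d, src, dst, rest = m.groups()
            yield int(h) * 3600 + int(mi) * 60 + float(s), d, src, dst, rest

def unanswered(text, min_sends=2):
    """Map (src, dst) -> (sends before first reply, seconds until reply or None)."""
    sent = defaultdict(list)   # outbound flow -> send timestamps
    first_reply = {}           # outbound flow -> time of first packet coming back
    for ts, d, src, dst, _ in parse(text):
        if d == ">":
            sent[(src, dst)].append(ts)
        else:
            first_reply.setdefault((dst, src), ts)
    report = {}
    for flow, times in sent.items():
        reply = first_reply.get(flow)
        before = [t for t in times if reply is None or t < reply]
        if len(before) >= min_sends:
            wait = None if reply is None else round(reply - times[0], 1)
            report[flow] = (len(before), wait)
    return report

if __name__ == "__main__":
    for (src, dst), (n, wait) in unanswered(CAPTURE).items():
        print(f"{src} -> {dst}: {n} sends before a reply, first reply after {wait} s")
```

A flow reported with `None` never saw return traffic in the capture window; a long wait with evenly spaced resends points at loss or filtering somewhere on the path rather than at the application.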