|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Frederico Queiroz (fqueiroz
ISH.COM.BR)Date: Tue Apr 03 2001 - 08:26:52 CDT
Take a look at redirected-broadcast.
Many Flood type attacks use a ICMP to broadcast makeing some internal
traffic.
try at your linux box:
using 24 bits sub-net.
ping -b xxx.xxx.xxx.0
You'll see many DUP! packets.
> -----Mensagem original-----
> De: Steve Adams [mailto:sadamsEASYSTREET.COM]
> Enviada em: Monday, April 02, 2001 5:31 PM
> Para: FOCUS-IDSSECURITYFOCUS.COM
> Assunto: Fw: Strange echo-requests
>
>
> This looks to be, depending on the mask, a sub-net ping and probably
> generated by a port-scanner somewhere on your network.
>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]