From: Vern Waltman (vern_waltmanYAHOO.COM)
Date: Wed Apr 04 2001 - 14:31:35 CDT

    I have been seeing some unusual ICMP traffic Type & Code requests. Has anyone else seen triple-digit
    Type and Code requests? Here is an example:

    111 112 ICMP
    113 114 ICMP
    114 115 ICMP
    108 109 ICMP
    103 104 ICMP
    116 117 ICMP
    98 99 ICMP
    97 98 ICMP
    115 116 ICMP
    100 101 ICMP
    106 107 ICMP
    102 103 ICMP
    97 118 ICMP (This Type & Code Seems to depict the Range of numbers used)

    This is a small sample we have collected off our IDS, and as you can see there seems to be a
    sequence from the Type => Code in that it is 1 up. Does anyone know what these codes would mean,
    or could these ICMP packets be activating a process (backdoors)? The ICMP packet size is 1402 or
    1514 bytes (most of the packets are 1514 bytes). Could the Type & Code be used as a sequence
    identifier to be later re-assembled?

    We have seen the ICMP packets originating from 4 different sources; they have been targeting 1 system on
    our network (low-key attempt at a DoS?).

    =====
    Vern Waltman Vern_Waltmanyahoo.com 703-730-1485
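
An added example, not part of the original post: a Python triage of the Type/Code pairs listed in the message, checking each type against the IANA ICMPv4 registry's unassigned range, testing the "code is one higher than type" observation, and rendering each pair as ASCII. The function names are hypothetical, and the ASCII view is an analysis aid chosen here, not something the post states.

```python
"""Triage of ICMP (type, code) pairs reported by an IDS."""

# Constructed sample: the (type, code) pairs quoted in the post.
OBSERVED = [
    (111, 112), (113, 114), (114, 115), (108, 109), (103, 104),
    (116, 117), (98, 99), (97, 98), (115, 116), (100, 101),
    (106, 107), (102, 103), (97, 118),
]

# IANA ICMPv4 type registry: 44-252 are unassigned.
UNASSIGNED_TYPES = range(44, 253)


def classify(icmp_type, icmp_code):
    """Describe one observed pair."""
    printable = all(0x20 <= b <= 0x7E for b in (icmp_type, icmp_code))
    return {
        "pair": (icmp_type, icmp_code),
        "unassigned_type": icmp_type in UNASSIGNED_TYPES,
        "code_is_type_plus_one": icmp_code == icmp_type + 1,
        # Assumption: showing the two header bytes as text helps spot
        # cases where a sensor decoded payload bytes as an ICMP header.
        "ascii": chr(icmp_type) + chr(icmp_code) if printable else None,
    }


def summarize(pairs):
    """Aggregate the per-pair checks into a single report."""
    rows = [classify(t, c) for t, c in pairs]
    all_bytes = [b for pair in pairs for b in pair]
    return {
        "total": len(rows),
        "unassigned": sum(r["unassigned_type"] for r in rows),
        "sequential": sum(r["code_is_type_plus_one"] for r in rows),
        "outliers": [r["pair"] for r in rows
                     if not r["code_is_type_plus_one"]],
        "ascii_pairs": [r["ascii"] for r in rows if r["ascii"]],
        "byte_range": (min(all_bytes), max(all_bytes)),
    }


if __name__ == "__main__":
    for key, value in summarize(OBSERVED).items():
        print(f"{key}: {value}")
```

Every listed type falls in the unassigned range, twelve of the thirteen pairs follow the plus-one pattern, and all values sit between 97 and 118, which is the span given by the one pair that breaks the pattern.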
