Re: [Full-disclosure] Re: ICMP Destination Unreachable Port Unreachable

2006-08-16 Thread Barrie Dempster
off list On Tuesday 15 August 2006 21:45, Dude VanWinkle wrote: Still, I can't seem to help but think there is something to this port 0 thingy http://www.networkpenetration.com/port0.html snip 3. Port 0 OS Fingerprinting --- As port 0 is reserved for special use

Re: [Full-disclosure] Re: ICMP Destination Unreachable Port Unreachable

2006-08-16 Thread Valdis . Kletnieks
On Wed, 16 Aug 2006 12:33:13 BST, Barrie Dempster said: Although the port 0 in this case is a red herring and irrelevant. Port 0 itself when used with TCP/UDP (not ICMP!) can actually be used on the Internet. A while back I modified netcat and my linux kernel so that it would allow usage of

Re: [Full-disclosure] Re: ICMP Destination Unreachable Port Unreachable

2006-08-16 Thread Adriel T. Desautels
Well, After over 100,000 alerts each with very different payloads the traffic stopped. I do have a list of all of the dropped packets from my firewall as well and it appears that it was hitting 3 IP addresses which are public facing, not just one. The weird part, is that two of those three

Re: [Full-disclosure] Re: ICMP Destination Unreachable Port Unreachable

2006-08-16 Thread Adriel T. Desautels
Also, I failed to mention that they came in bursts of 3 every 5 minutes on the dot. Adriel T. Desautels wrote: Well, After over 100,000 alerts each with very different payloads the traffic stopped. I do have a list of all of the dropped packets from my firewall as well and it appears

Re: [Full-disclosure] Re: ICMP Destination Unreachable Port Unreachable

2006-08-16 Thread Robert Kim Wireless Internet Advisor
you could setup a user ip redirect page and just ask the users from this ip to fill out a form before proceeding... On 8/15/06, Adriel T. Desautels [EMAIL PROTECTED] wrote: Well, There's something to the traffic that I am seeing. The payloads are always changing and contain significantly

[Full-disclosure] Re: ICMP Destination Unreachable Port Unreachable

2006-08-15 Thread Julio Cesar Fort
Dude VanWinkle, snip - Looks to me like they are using port 0. http://www.grc.com/port_0.htm -JP *NEVER TRUST* Steve Gibson. I bet he smokes crack. See http://attrition.org/errata/charlatan.html#gibson for more details. Best regards, Julio Cesar Fort Recife, PE,

Re: [Full-disclosure] Re: ICMP Destination Unreachable Port Unreachable

2006-08-15 Thread Dude VanWinkle
On 8/15/06, Julio Cesar Fort [EMAIL PROTECTED] wrote: Dude VanWinkle, snip - Looks to me like they are using port 0. http://www.grc.com/port_0.htm -JP *NEVER TRUST* Steve Gibson. I bet he smokes crack. See http://attrition.org/errata/charlatan.html#gibson for

Re: [Full-disclosure] Re: ICMP Destination Unreachable Port Unreachable

2006-08-15 Thread Adriel T. Desautels
Well, There's something to the traffic that I am seeing. The payloads are always changing and contain significantly different data. One of the payloads was packed full of X'es, the other was packed full of |'s. Check it out. Event: ICMP Destination Unreachable Port Unreachable Category:

Re: [Full-disclosure] Re: ICMP Destination Unreachable Port Unreachable

2006-08-15 Thread Darren Bounds
Dude, In case you've failed to notice, this is an ICMP port unreachable message. It's sent in response to a UDP packet destined for an unavailable UDP port. The port '0' referenced in the event source/destination is meaningless as ICMP doesn't use source and destination ports (it is always '0').

Re: [Full-disclosure] Re: ICMP Destination Unreachable Port Unreachable

2006-08-15 Thread Adriel T. Desautels
Darren, I did notice what type of packet it was and I also know what the packet signifies. The issue that I am having is that there has never been any outbound UDP activity to the host that is replying to this network. The payloads of the ICMP packets are a bit weird too, containing either

Re: [Full-disclosure] Re: ICMP Destination Unreachable Port Unreachable

2006-08-15 Thread Darren Bounds
Adriel, I was replying to Dude VanWinkle, who's been chasing down the src/dst port 0 unnecessarily. On 8/15/06, Adriel T. Desautels [EMAIL PROTECTED] wrote: Darren, I did notice what type of packet it was and I also know what the packet signifies. The issue that I am having is that there has never

Re: [Full-disclosure] Re: ICMP Destination Unreachable Port Unreachable

2006-08-15 Thread Scott Renna
common mistake On Aug 15, 2006, at 7:24 PM, Darren Bounds wrote: I'm confused about a couple things: 1) You say you knew the nature of the packet yet in your original message you stated "Neither the source IP or the target IP have any ports associated with them in this event. Any ideas would be

Re: [Full-disclosure] Re: ICMP Destination Unreachable Port Unreachable

2006-08-15 Thread Adriel T. Desautels
Darren, my apologies. ;] Darren Bounds wrote: Adriel, I was replying to Dude VanWinkle, who's been chasing down the src/dst port 0 unnecessarily. On 8/15/06, Adriel T. Desautels [EMAIL PROTECTED] wrote: Darren, I did notice what type of packet it was and I also know what the packet

Re: [Full-disclosure] Re: ICMP Destination Unreachable Port Unreachable

2006-08-15 Thread Adriel T. Desautels
Darren, My responses are below: Darren Bounds wrote: I'm confused about a couple things: 1) You say you knew the nature of the packet yet in your original message you stated Neither the source IP or the target IP have any ports associated with them in this event. Any ideas would be

Re: [Full-disclosure] Re: ICMP Destination Unreachable Port Unreachable

2006-08-15 Thread Adriel T. Desautels
starting to think that, there's an awful lot of traffic tho. [EMAIL PROTECTED] wrote: On Tue, 15 Aug 2006 18:53:09 EDT, Adriel T. Desautels said: Darren, I did notice what type of packet it was and I also know what the packet signifies. The issue that I am having is that there has

Re: [Full-disclosure] Re: ICMP Destination Unreachable Port Unreachable

2006-08-15 Thread Dude VanWinkle
On 8/15/06, Darren Bounds [EMAIL PROTECTED] wrote: Adriel, I was replying to Dude VanWinkle, who's been chasing down the src/dst port 0 unnecessarily. Nah, I realized after the 4th post it was an ICMP packet and was just curious about port 0 Only TCP/UDP have ports, I know that :-) -JPone

Re: [Full-disclosure] Re: ICMP Destination Unreachable Port Unreachable

2006-08-15 Thread Valdis . Kletnieks
On Tue, 15 Aug 2006 20:23:30 EDT, Adriel T. Desautels said: starting to think that, there's an awful lot of traffic tho. [EMAIL PROTECTED] wrote: Backscatter reply to a spoofed packet source address? You think *you* got a lot of traffic, think about the site that sent you the ICMP - if

Re: [Full-disclosure] Re: ICMP Destination Unreachable Port Unreachable

2006-08-15 Thread Valdis . Kletnieks
On Tue, 15 Aug 2006 18:53:09 EDT, Adriel T. Desautels said: Darren, I did notice what type of packet it was and I also know what the packet signifies. The issue that I am having is that there has never been any outbound UDP activity to the host that is replying to this network.