ICMP reply, but no stimulus
From: Robert Buckley (rbuckley_at_synapsemail.com)
Date: 12/19/03
- Previous message: Dan Hanson: "Administrivia: Dead Thread - Strange servicepack.exe file (not service.exe) found."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: incidents@securityfocus.com Date: Fri, 19 Dec 2003 11:40:57 -0500
Anyone ever see this payload before?
There is a windows 2k system that is replying to its two Wins servers and
two DNS servers with echo replies, but no icmp
request has been sent to it.
11:39:09.494312 IP 10.n.n.n > 10.n.n.n: icmp 44: echo reply seq 11106
0x0000 4500 0040 058e 0000 8001 97f4 0ab0 c4c8 E..@............
0x0010 0ab0 c312 0000 631d 001d 2b62 150f 0800 ......c...+b....
0x0020 4545 4545 4545 4545 4545 4545 4545 4545 EEEEEEEEEEEEEEEE
0x0030 4545 4545 4545 4545 4545 4545 4545 4545 EEEEEEEEEEEEEEEE
> Robert Buckley
> Security Administration
> ********************************************************************
> The information in this transmission is privileged and confidential
> and is intended only for the recipient(s) listed above. If you have
> received this transmission in error, please notify the sender
> immediately by E-mail and delete the original message.
> ********************************************************************
>
>
---------------------------------------------------------------------------
----------------------------------------------------------------------------
- Previous message: Dan Hanson: "Administrivia: Dead Thread - Strange servicepack.exe file (not service.exe) found."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
