RE: ICMP TYPE 3

From: Byron Copeland (nodialtone_at_comcast.net)
Date: 09/16/03

  • Next message: Bryan Miller: "IRC bot?" 
    To: "'R. DuFresne'" <dufresne@sysinfo.com>, "'Sekurity Wizard'" <s.wizard@boundariez.com>
Date: Mon, 15 Sep 2003 22:54:26 -0400

     
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Not to mention, perhaps they could also be used as smurf amplifiers to DoS other targets as well.

    - -- "I always wonder why people choose to support MS and then complain about all of these issues that are known in advance."

     

    > -----Original Message-----
    > From: R. DuFresne [mailto:dufresne@sysinfo.com]
    > Sent: Monday, September 15, 2003 2:13 PM
    > To: Sekurity Wizard
    > Cc: gr00vy; pentest
    > Subject: RE: ICMP TYPE 3
    >
    >
    > And this is a good thing, as being able to ping the broadcast address can
    > create a ping storm. There are still many sites that are not setup to
    > prevent this and used as tools to ping flood others.
    >
    > Thanks,
    >
    > Ron DuFresne
    >
    > On Sun, 14 Sep 2003, Sekurity Wizard wrote:
    >
    > > That's your default route....it's telling you that you can't do what
    > > you're trying to do.
    > >
    > > -----Original Message-----
    > > From: gr00vy [mailto:groovy2600@yahoo.com.ar]
    > > Sent: Saturday, September 13, 2003 12:00 AM
    > > To: pentest
    > > Subject: ICMP TYPE 3
    > >
    > >
    > > While I was doing some researching work I ping a broadcast ip address
    > > and for my surprise i recieve an extrange response:
    > >
    > > FIRST RESPONSE:
    > >
    > > Internet Protocol, Src Addr: 200-70-xxx-164.rse.com.ar (200.70.xxx.164),
    > > Dst Addr: 200-70-xxx-121.rse.com.ar (200.70.xxx.121) Internet Control
    > > Message Protocol
    > > Type: 0 (Echo (ping) reply)
    > > Code: 0
    > >
    > > SECOND RESPONSE:
    > >
    > > Internet Protocol, Src Addr: 172.xxx.230.242 (172.xxx.230.242), Dst
    > > Addr: 200-70-xxx-121.rse.com.ar (200.70.xxx.121)
    > > Internet Control Message Protocol
    > > Type: 3 (Destination unreachable)
    > > Code: 13 (Communication administratively filtered) <<< Weird!
    > >
    > > The OS's seems to be (xprobe):
    > >
    > > First ROUTER
    > > [+] Host 200.70.xxx.164 Running OS: "HP JetDirect ROM G.07.02 EEPROM
    > > G.07.20" (Guess probability: 87%)
    > >
    > > Second ROUTER
    > > [+] Host 172.xxx.230.242 Running OS: "Cisco IOS 12.2" (Guess
    > > probability: 71%)
    > >
    > >
    > > My question is, what is it? an ACL? why do i get a response of a machine
    > > i did not ping??? maybe it is a extrange behavior from Cisco ios. This
    > > might help to fingerprint Os's who knows ????
    > >
    > > Bye
    > >
    >
    > --
    > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    > admin & senior security consultant: sysinfo.com
    > http://sysinfo.com
    >
    > "Cutting the space budget really restores my faith in humanity. It
    > eliminates dreams, goals, and ideals and lets us get straight to the
    > business of hate, debauchery, and self-annihilation."
    > -- Johnny Hart
    >
    > testing, only testing, and damn good at it too!
    >
    >
    > --------------------------------------------------------------------------
    > -
    > FREE Trial!
    > New for security consultants and in-house pros: FOUNDSTONE PROFESSIONAL
    > and PROFESSIONAL TL software. Fast, reliable vulnerability assessment
    > technology powered by the award-winning FoundScan engine. Try it free for
    > 21 days at: http://www.securityfocus.com/sponsor/Foundstone_pen-
    > test_030825
    > --------------------------------------------------------------------------
    > --

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.0

    iQA/AwUBP2Z7YmHZJr/4PEW4EQJ6tgCgy7aC75DZW00cAKImj1dzqYRU15UAniUJ
    Wozksubo63qULd9fmiwvPltx
    =eGVd
    -----END PGP SIGNATURE-----

    ---------------------------------------------------------------------------
    FREE Trial!
    New for security consultants and in-house pros: FOUNDSTONE PROFESSIONAL
    and PROFESSIONAL TL software. Fast, reliable vulnerability assessment
    technology powered by the award-winning FoundScan engine. Try it free for 21 days at: http://www.securityfocus.com/sponsor/Foundstone_pen-test_030825
    ----------------------------------------------------------------------------

  • Next message: Bryan Miller: "IRC bot?"