Re: Black Ice 3.5cbf warning about 192.168.0.1
From: steve h. (steve2470_at_excite.com)
Date: 07/01/04
- Previous message: Kleeb: "Re: Incomings syns & pings"
- In reply to: steve h.: "Black Ice 3.5cbf warning about 192.168.0.1"
- Next in thread: Father_Sicko_at_TheOrphanage.com: "Re: Black Ice 3.5cbf warning about 192.168.0.1 -->Can this IP be blocked?"
- Reply: Father_Sicko_at_TheOrphanage.com: "Re: Black Ice 3.5cbf warning about 192.168.0.1 -->Can this IP be blocked?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 1 Jul 2004 08:40:55 -0700
"steve h." <steve2470nonsense@nonsensemailblocks.com> wrote in message news:<N3JEc.2241$Bv.331175@twister.tampabay.rr.com>...
> [Evasion] Attacker sends an ICMP Echo reply without a request, possibly
> to communicate with a trojan horse application - This is the message I
> get from Black Ice, when the only thing at that IP address is my D-Link
> DI-604 router. Should I just ignore this ? TIA.
> Steve
more info: http://xforce.iss.net/xforce/xfdb/8014
ICMP Echo Reply without Echo
icmp-unsolicited-echo-reply (8014) Low Risk
Description:
This computer received an ICMP echo reply (commonly called a ping)
without having first sent a ping request. This event may occur for one
or more reasons:
Firewall scanning: Any administrator or intruder may use this
technique to scan systems behind a corporate firewall. Most corporate
firewalls allow ping/echo responses to pass through. Otherwise, ping
programs won't work correctly. However, when a router within the
corporation attempts to forward the packet to a nonexistent host, it
sends back an "unreachable" message to the sender. In this manner,
somebody can map the structure of the network behind a corporate
firewall.
Trojan communication: ICMP traffic is a common way of communicating
with Trojan horse programs. This method is effective because it passes
through firewalls.
Denial of Service (DoS) attacks: Ping floods are also used as a direct
DoS mechanism. The goal is to flood you with traffic (especially
traffic that pierces firewalls) to slow down the Internet connection.
Spoof by-products: An attacker could be spoofing your IP address. They
could be sending pings to a target claiming that these pings are from
you. You would then see these replies. There is no reliable method to
determine who is doing this.
Platforms Affected:
Microsoft Corporation: Windows Any version
Various: Unix Any version
Remedy:
Verify the source of the traffic and that no rogue applications are
running.
Consequences:
Data Manipulation
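
The check behind an "echo reply without echo" alert, as an added example that is not part of the original post, the X-Force entry, or Black Ice itself: it pairs each inbound echo reply with an outstanding echo request by peer, identifier and sequence number, and flags the rest. The record layout, the workstation address 192.168.0.10 and the sample traffic are assumptions constructed for illustration.

```python
"""Flag ICMP echo replies that do not answer an echo request we sent."""
ECHO_REPLY, ECHO_REQUEST = 0, 8  # ICMP type numbers (RFC 792)


def find_unsolicited_replies(events, local_ip, window=5.0):
    """events: time-ordered (ts, src, dst, icmp_type, ident, seq) tuples.
    Returns [(ts, src, reason)] for replies to local_ip with no live request."""
    outstanding = {}  # (peer, ident, seq) -> time the request left local_ip
    flagged = []
    for ts, src, dst, icmp_type, ident, seq in events:
        if icmp_type == ECHO_REQUEST and src == local_ip:
            outstanding[(dst, ident, seq)] = ts
        elif icmp_type == ECHO_REPLY and dst == local_ip:
            # Consume the request, so a second copy of a reply is flagged too.
            sent = outstanding.pop((src, ident, seq), None)
            if sent is None:
                flagged.append((ts, src, "no matching echo request"))
            elif ts - sent > window:
                flagged.append((ts, src, "reply arrived after timeout"))
    return flagged


# Constructed sample traffic (not captured from a real network).
LOCAL = "192.168.0.10"   # assumed workstation address
ROUTER = "192.168.0.1"   # router address mentioned in the post
SAMPLE = [
    (0.0,   LOCAL,          ROUTER,         ECHO_REQUEST, 0x1A2B, 1),
    (0.002, ROUTER,         LOCAL,          ECHO_REPLY,   0x1A2B, 1),  # solicited
    (3.0,   ROUTER,         LOCAL,          ECHO_REPLY,   0x0000, 0),  # no request
    (4.0,   LOCAL,          "192.168.0.20", ECHO_REQUEST, 0x1A2B, 2),
    (12.0,  "192.168.0.20", LOCAL,          ECHO_REPLY,   0x1A2B, 2),  # too late
    (12.5,  "192.168.0.30", LOCAL,          ECHO_REPLY,   0x1A2B, 2),  # wrong peer
]

if __name__ == "__main__":
    for ts, src, reason in find_unsolicited_replies(SAMPLE, LOCAL):
        print(f"{ts:7.3f}s  echo reply from {src}: {reason}")
```
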