Re: ICMP type 3, an attack?
From: Jem Berkes (jb_dontuse@pc9.org)Date: 02/04/02
- Next message: Anders Larsen: "Re: REDIRECTS ok in input but fail in user chain"
- Previous message: Luke Vogel: "Re: Kernel hardening - LIDS vs GRSecurity vs NSA"
- In reply to: RainbowHat: "Re: ICMP type 3, an attack?"
- Next in thread: ujay: "Re: ICMP type 3, an attack?"
- Reply: ujay: "Re: ICMP type 3, an attack?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Jem Berkes <jb_dontuse@pc9.org> Date: Mon, 04 Feb 2002 13:43:20 GMT
> Have you tried traceroute to 157.130.91.153 and 24.229.129.72 from
> 130.179.134.23 and nmap probing with os fingerprint (or xprobe) to
> 157.130.91.153 and 24.229.129.72? If how many hops nearly equal 15
> between 130.179.134.23 and 157.130.91.153, ICMP packet not include
> [] quoted was real. If not, whole packet above were crafted by
> someone. Can you reach to 24.229.129.72 from 130.179.134.23 with
> regular packet?
I have tried traceroute. Once again, I've seen these same 'suspicious'
packet on two different systems, both on different networks. I have done a
traceroute from both and it never hops through anything in the 157.
network. Traceroute from both 130.179.134.23 and my other system to
destination 24.229.129.72 never hits 157.130.91.153. In fact:
208.217.113.157 reports: Destination host unreachable.
- Next message: Anders Larsen: "Re: REDIRECTS ok in input but fail in user chain"
- Previous message: Luke Vogel: "Re: Kernel hardening - LIDS vs GRSecurity vs NSA"
- In reply to: RainbowHat: "Re: ICMP type 3, an attack?"
- Next in thread: ujay: "Re: ICMP type 3, an attack?"
- Reply: ujay: "Re: ICMP type 3, an attack?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
