[<prev] [next>] [day] [month] [year] [list]
Message-ID: <871080DEC5874D41B4E3AFC5C400611E03F60B66@UTDEVS02.campus.ad.utdallas.edu>
From: pauls at utdallas.edu (Schmehl, Paul L)
Subject: shout out 4 ...
>-----Original Message-----
>From: Ferris, Robin [mailto:R.Ferris@...ier.ac.uk]
>Sent: Tuesday, September 23, 2003 6:18 AM
>To: full-disclosure@...ts.netsys.com
>Subject: [Full-Disclosure] shout out 4 ...
>
>im looking for a detailed sniffer analysis of nachia,
>I had watched theinfo flow through this list when it
>first appeared. However some one has just asked for
>some help but specifically from the detailed network
>sniffer side of things.
>
>Things like packet sizes, frequency of scans, scan
>pattersn etc etc
Put an unpatched Win2k box on the Internet. Wait five minutes. Take if
off the Internet (please!) and connect it to a box running ethereal and
capture the packets. Very simple.
The packets are 92 bytes with a 64 byte payload. ICMP type 8, code 0.
They scan networks sequentially (1,2,3,4,etc.).
Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/
Powered by blists - more mailing lists