lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <871080DEC5874D41B4E3AFC5C400611E03F60B66@UTDEVS02.campus.ad.utdallas.edu>
From: pauls at utdallas.edu (Schmehl, Paul L)
Subject: shout out 4 ...

>-----Original Message-----
>From: Ferris, Robin [mailto:R.Ferris@...ier.ac.uk] 
>Sent: Tuesday, September 23, 2003 6:18 AM
>To: full-disclosure@...ts.netsys.com
>Subject: [Full-Disclosure] shout out 4 ...
>
>im looking for a detailed sniffer analysis of nachia, 
>I had watched theinfo flow through this list when it 
>first appeared. However some one has just asked for 
>some help but specifically from the detailed network 
>sniffer side of things. 
>
>Things like packet sizes, frequency of scans, scan 
>pattersn etc etc

Put an unpatched Win2k box on the Internet.  Wait five minutes.  Take if
off the Internet (please!) and connect it to a box running ethereal and
capture the packets.  Very simple.

The packets are 92 bytes with a 64 byte payload.  ICMP type 8, code 0.
They scan networks sequentially (1,2,3,4,etc.).

Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ