lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <120ef0530608151131k6ebf8e5fi11ef43f472000783@mail.gmail.com>
Date: Tue, 15 Aug 2006 14:31:09 -0400
From: "Richard Bejtlich" <taosecurity@...il.com>
To: full-disclosure@...ts.grok.org.uk, simon@...soft.com, 
	dudevanwinkle@...il.com
Cc: 
Subject: Re: ICMP Destination Unreachable Port Unreachable

Adriel T. Desautels wrote:
>
> Hi List,
> I've been receiving this traffic for a while from the same IP address. Does anyone \
> have any idea what type of traffic this might be. Neither the source IP or the target \
> IP have any ports associated with them in this event. Any ideas would be appreciated. \

Hello,

Looking at the presumed ICMP payload you posted, and starting with
0x45, you have a UDP packet from 70.91.131.49:16229 to
82.246.252.214:2597.

I decoded this quickly -- someone feel free to correct me if I'm wrong.

Nothing appears to be listening on port 2597 UDP, so you are seeing a
"ICMP Destination Unreachable Port Unreachable" ICMP error message.

Your IDS is not reporting ports because ICMP doesn't use ports.

Sincerely,

Richard
http://taosecurity.blogspot.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ