| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 15 Aug 2006 14:31:09 -0400 From: "Richard Bejtlich" <taosecurity@...il.com> To: full-disclosure@...ts.grok.org.uk, simon@...soft.com, dudevanwinkle@...il.com Cc: Subject: Re: ICMP Destination Unreachable Port Unreachable Adriel T. Desautels wrote: > > Hi List, > I've been receiving this traffic for a while from the same IP address. Does anyone \ > have any idea what type of traffic this might be. Neither the source IP or the target \ > IP have any ports associated with them in this event. Any ideas would be appreciated. \ Hello, Looking at the presumed ICMP payload you posted, and starting with 0x45, you have a UDP packet from 70.91.131.49:16229 to 82.246.252.214:2597. I decoded this quickly -- someone feel free to correct me if I'm wrong. Nothing appears to be listening on port 2597 UDP, so you are seeing a "ICMP Destination Unreachable Port Unreachable" ICMP error message. Your IDS is not reporting ports because ICMP doesn't use ports. Sincerely, Richard http://taosecurity.blogspot.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists