lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <8f1f7b60608151213y18031b3ewa37e7d37b3189952@mail.gmail.com>
Date: Tue, 15 Aug 2006 15:13:27 -0400
From: "Peter Dawson" <slash.pd@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: ICMP Destination Unreachable Port Unreachable

for an instance, I thought it was a ping sweep varition in occurance.. snort
logs s/have some more info .. were the src and dst  IP's random or static..
?

On 8/15/06, Richard Bejtlich <taosecurity@...il.com> wrote:
>
> Adriel T. Desautels wrote:
> >
> > Hi List,
> > I've been receiving this traffic for a while from the same IP address.
> Does anyone \
> > have any idea what type of traffic this might be. Neither the source IP
> or the target \
> > IP have any ports associated with them in this event. Any ideas would be
> appreciated. \
>
> Hello,
>
> Looking at the presumed ICMP payload you posted, and starting with
> 0x45, you have a UDP packet from 70.91.131.49:16229 to
> 82.246.252.214:2597.
>
> I decoded this quickly -- someone feel free to correct me if I'm wrong.
>
> Nothing appears to be listening on port 2597 UDP, so you are seeing a
> "ICMP Destination Unreachable Port Unreachable" ICMP error message.
>
> Your IDS is not reporting ports because ICMP doesn't use ports.
>
> Sincerely,
>
> Richard
> http://taosecurity.blogspot.com
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
http://peterdawson.typepad.com
PeterDawson Home of ThoughtFlickr's
"This message is printed on Recycled Electrons."

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ