lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 15 Aug 2006 17:19:31 -0400
From: "Darren Bounds" <dbounds@...il.com>
To: "Dude VanWinkle" <dudevanwinkle@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Re: ICMP Destination Unreachable Port
	Unreachable

Dude,

In case you've failed to notice, this is an ICMP port unreachable message.
It's sent in response to a UDP packet destined for an unavailable UDP port.
The port '0' referenced in the event source/destination is meaningless as
ICMP doesn't use source and destination ports (it is always '0').

The payload of the ICMP unreachable message contains original IP header (of
the initial UDP packet) and at least 64 bits (8 bytes) of original data
datagram. The size of data echoed will vary depending on the implementation.




On 8/15/06, Dude VanWinkle <dudevanwinkle@...il.com> wrote:
>
> On 8/15/06, Julio Cesar Fort <julio@...slabs.com.br> wrote:
> > Dude VanWinkle,
> >
> > > <snip>
> > > -----------------------------
> > > Looks to me like they are using port 0.
> > > http://www.grc.com/port_0.htm
> > > -JP
> >
> > *NEVER TRUST* Steve Gibson. I bet he smokes crack. See
> > http://attrition.org/errata/charlatan.html#gibson for more details.
>
>
> thanks for the tip!
>
> Still, I cant seem to help but think there is something to this port 0
> thingy
>
> http://www.networkpenetration.com/port0.html
>
> <snip>
>
> 3. Port 0 OS Fingerprinting
> ---------------------------
> As port 0 is reserverd for special use as stated in RFC 1700. Coupled
> with the fact that this port number is reassigned by the OS, no
> traffic should flow over the internet using this port. As the
> specifics are not clear different OS's have differnet ways of handling
> traffic using port 0 thus they can be fingerprinted.
>
> --------------------------------------------
>
> I guess that is just a reaction to traffic and not actual traffic via
> port 0, but still nifty info
>
> -JP
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 

Thank you,
Darren Bounds

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists