[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <26563eca0608151419v14841b02h251fc42e0fb6978f@mail.gmail.com>
Date: Tue, 15 Aug 2006 17:19:31 -0400
From: "Darren Bounds" <dbounds@...il.com>
To: "Dude VanWinkle" <dudevanwinkle@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Re: ICMP Destination Unreachable Port
Unreachable
Dude,
In case you've failed to notice, this is an ICMP port unreachable message.
It's sent in response to a UDP packet destined for an unavailable UDP port.
The port '0' referenced in the event source/destination is meaningless as
ICMP doesn't use source and destination ports (it is always '0').
The payload of the ICMP unreachable message contains original IP header (of
the initial UDP packet) and at least 64 bits (8 bytes) of original data
datagram. The size of data echoed will vary depending on the implementation.
On 8/15/06, Dude VanWinkle <dudevanwinkle@...il.com> wrote:
>
> On 8/15/06, Julio Cesar Fort <julio@...slabs.com.br> wrote:
> > Dude VanWinkle,
> >
> > > <snip>
> > > -----------------------------
> > > Looks to me like they are using port 0.
> > > http://www.grc.com/port_0.htm
> > > -JP
> >
> > *NEVER TRUST* Steve Gibson. I bet he smokes crack. See
> > http://attrition.org/errata/charlatan.html#gibson for more details.
>
>
> thanks for the tip!
>
> Still, I cant seem to help but think there is something to this port 0
> thingy
>
> http://www.networkpenetration.com/port0.html
>
> <snip>
>
> 3. Port 0 OS Fingerprinting
> ---------------------------
> As port 0 is reserverd for special use as stated in RFC 1700. Coupled
> with the fact that this port number is reassigned by the OS, no
> traffic should flow over the internet using this port. As the
> specifics are not clear different OS's have differnet ways of handling
> traffic using port 0 thus they can be fingerprinted.
>
> --------------------------------------------
>
> I guess that is just a reaction to traffic and not actual traffic via
> port 0, but still nifty info
>
> -JP
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
--
Thank you,
Darren Bounds
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists