RE: ICMP TYPE 3

From: Byron Copeland (nodialtone@comcast.net)
Date: Mon Sep 15 2003 - 22:54:26 EDT


 

Not to mention, perhaps they could also be used as smurf amplifiers to DoS other targets as well.

-- "I always wonder why people choose to support MS and then complain about all of these issues that are known in advance."

 

> -----Original Message-----
> From: R. DuFresne [mailto:dufresne@sysinfo.com]
> Sent: Monday, September 15, 2003 2:13 PM
> To: Sekurity Wizard
> Cc: gr00vy; pentest
> Subject: RE: ICMP TYPE 3
>
>
> And this is a good thing, as being able to ping the broadcast address can
> create a ping storm. There are still many sites that are not set up to
> prevent this and are used as tools to ping flood others.
>
> Thanks,
>
> Ron DuFresne
>
> On Sun, 14 Sep 2003, Sekurity Wizard wrote:
>
> > That's your default route....it's telling you that you can't do what
> > you're trying to do.
> >
> > -----Original Message-----
> > From: gr00vy [mailto:groovy2600@yahoo.com.ar]
> > Sent: Saturday, September 13, 2003 12:00 AM
> > To: pentest
> > Subject: ICMP TYPE 3
> >
> >
> > While I was doing some research work I pinged a broadcast IP address
> > and to my surprise I received a strange response:
> >
> > FIRST RESPONSE:
> >
> > Internet Protocol, Src Addr: 200-70-xxx-164.rse.com.ar (200.70.xxx.164),
> > Dst Addr: 200-70-xxx-121.rse.com.ar (200.70.xxx.121) Internet Control
> > Message Protocol
> > Type: 0 (Echo (ping) reply)
> > Code: 0
> >
> > SECOND RESPONSE:
> >
> > Internet Protocol, Src Addr: 172.xxx.230.242 (172.xxx.230.242), Dst
> > Addr: 200-70-xxx-121.rse.com.ar (200.70.xxx.121)
> > Internet Control Message Protocol
> > Type: 3 (Destination unreachable)
> > Code: 13 (Communication administratively filtered) <<< Weird!
> >
> > The OSes seem to be (xprobe):
> >
> > First ROUTER
> > [+] Host 200.70.xxx.164 Running OS: "HP JetDirect ROM G.07.02 EEPROM
> > G.07.20" (Guess probability: 87%)
> >
> > Second ROUTER
> > [+] Host 172.xxx.230.242 Running OS: "Cisco IOS 12.2" (Guess
> > probability: 71%)
> >
> >
> > My question is, what is it? An ACL? Why do I get a response from a machine
> > I did not ping??? Maybe it is a strange behavior of Cisco IOS. This
> > might help to fingerprint OSes, who knows????
> >
> > Bye
> >
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> admin & senior security consultant: sysinfo.com
> http://sysinfo.com
>
> "Cutting the space budget really restores my faith in humanity. It
> eliminates dreams, goals, and ideals and lets us get straight to the
> business of hate, debauchery, and self-annihilation."
> -- Johnny Hart
>
> testing, only testing, and damn good at it too!
>
>





This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:40 EDT
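
Added example (not part of the original thread or any poster's code): an ICMP Destination Unreachable is sent by the router that dropped the packet, not by the address that was pinged, and per RFC 792 it quotes the IP header plus the first 8 bytes of the dropped datagram. The Python below parses that quote to tie a type 3 / code 13 error back to the probe that triggered it, and flags echo replies that come from an address other than the one probed, which is the behaviour the replies describe as making a site usable as a ping-flood relay. Assumptions: the addresses are constructed documentation ranges rather than the hosts in the capture, the function names are hypothetical, and checksums are left at 0 and not verified.

```python
import socket
import struct

UNREACH_CODES = {0: "network unreachable", 1: "host unreachable",
                 3: "port unreachable", 13: "communication administratively filtered"}

def ipv4(src, dst, payload, proto=1):
    """Build a minimal 20-byte IPv4 header (checksum left at 0) plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def parse_ipv4(data):
    """Return (src, dst, proto, payload) for an IPv4 packet, honouring IHL."""
    if len(data) < 20 or data[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (data[0] & 0x0F) * 4
    if ihl < 20 or len(data) < ihl:
        raise ValueError("bad IPv4 header length")
    src, dst = socket.inet_ntoa(data[12:16]), socket.inet_ntoa(data[16:20])
    return src, dst, data[9], data[ihl:]

def explain_icmp(packet, probed_dst):
    """Describe an inbound ICMP packet relative to the address we probed."""
    reporter, _, proto, icmp = parse_ipv4(packet)
    if proto != 1 or len(icmp) < 8:
        raise ValueError("not a complete ICMP message")
    icmp_type, code = icmp[0], icmp[1]
    if icmp_type == 0:  # echo reply: who actually answered?
        return {"kind": "echo-reply", "from": reporter,
                "answered_for_other_address": reporter != probed_dst}
    if icmp_type == 3:
        # Bytes 8.. quote the IP header + 8 bytes of the datagram that was dropped.
        q_src, q_dst, q_proto, q_body = parse_ipv4(icmp[8:])
        return {"kind": "unreachable", "from": reporter,
                "reason": UNREACH_CODES.get(code, f"code {code}"),
                "quoted_src": q_src, "quoted_dst": q_dst,
                "quotes_our_probe": q_dst == probed_dst and q_proto == 1
                                    and q_body[:1] == b"\x08"}
    return {"kind": f"type {icmp_type}", "from": reporter}

# Constructed sample packets (documentation addresses, not the hosts in the thread).
US, BCAST = "192.0.2.121", "203.0.113.255"
PRINTER, ROUTER = "203.0.113.164", "198.51.100.242"
ECHO_REQ = struct.pack("!BBHHH", 8, 0, 0, 0x1234, 1)
REPLY = ipv4(PRINTER, US, struct.pack("!BBHHH", 0, 0, 0, 0x1234, 1))
FILTERED = ipv4(ROUTER, US,
                struct.pack("!BBHI", 3, 13, 0, 0) + ipv4(US, BCAST, ECHO_REQ))
```

Calling explain_icmp(FILTERED, BCAST) shows the router as the reporter while the quoted header still names the broadcast address as the original destination.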