RE: [Full-Disclosure] shout out 4 ...
- To: "Ferris, Robin" <R.Ferris@xxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>
- Subject: RE: [Full-Disclosure] shout out 4 ...
- From: "Schmehl, Paul L" <pauls@xxxxxxxxxxxx>
- Date: Tue, 23 Sep 2003 10:01:51 -0500
>-----Original Message-----
>From: Ferris, Robin [mailto:R.Ferris@xxxxxxxxxxxx]
>Sent: Tuesday, September 23, 2003 6:18 AM
>To: full-disclosure@xxxxxxxxxxxxxxxx
>Subject: [Full-Disclosure] shout out 4 ...
>
>I'm looking for a detailed sniffer analysis of nachia,
>I had watched the info flow through this list when it
>first appeared. However someone has just asked for
>some help but specifically from the detailed network
>sniffer side of things.
>
>Things like packet sizes, frequency of scans, scan
>patterns etc etc

Put an unpatched Win2k box on the Internet. Wait five minutes. Take it
off the Internet (please!) and connect it to a box running ethereal and
capture the packets. Very simple.

The packets are 92 bytes with a 64 byte payload. ICMP type 8, code 0.
They scan networks sequentially (1,2,3,4,etc.).

Paul Schmehl (pauls@xxxxxxxxxxxx)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
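
As an added example (not part of the original thread or written by either poster), the traffic profile given in the reply can be turned into a detection check: flag sources sending ICMP type 8, code 0 packets of 92 bytes with a 64-byte payload to consecutive destination addresses. It assumes "92 bytes" is the IPv4 total length (20-byte IP header + 8-byte ICMP header + 64-byte payload) and that "sequentially" means consecutive destination addresses; `MIN_RUN`, the function names and the sample packets are constructed for illustration.

```python
import struct
from collections import defaultdict
from ipaddress import IPv4Address

IP_TOTAL_LEN = 92      # from the post; assumed to be the IPv4 total length
ICMP_PAYLOAD_LEN = 64  # from the post
MIN_RUN = 4            # assumed threshold: consecutive targets before flagging

def matches_profile(pkt: bytes):
    """Return (src, dst) as ints if pkt is an echo request of the described size, else None."""
    if len(pkt) < 28 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4                       # IP header length, options included
    (total_len,) = struct.unpack_from("!H", pkt, 2)
    if pkt[9] != 1 or total_len != IP_TOTAL_LEN or len(pkt) < ihl + 8:
        return None                                 # not ICMP, wrong size, or truncated
    if (pkt[ihl], pkt[ihl + 1]) != (8, 0) or total_len - ihl - 8 != ICMP_PAYLOAD_LEN:
        return None                                 # not type 8 / code 0 with 64-byte payload
    return struct.unpack_from("!II", pkt, 12)

def sequential_scanners(packets, min_run=MIN_RUN):
    """Map source IP -> longest run of consecutive destination addresses it probed."""
    last, run, best = {}, defaultdict(int), defaultdict(int)
    for pkt in packets:
        hit = matches_profile(pkt)
        if hit is None:
            continue
        src, dst = hit
        run[src] = run[src] + 1 if last.get(src) == dst - 1 else 1
        last[src] = dst
        best[src] = max(best[src], run[src])
    return {str(IPv4Address(s)): n for s, n in best.items() if n >= min_run}

def build_echo(src, dst, payload_len):
    """Constructed test packet: IPv4 header (no options, checksum 0) + ICMP echo request."""
    ip = struct.pack("!BBHHHBBHII", 0x45, 0, 28 + payload_len, 0, 0, 128, 1, 0,
                     int(IPv4Address(src)), int(IPv4Address(dst)))
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1)
    return ip + icmp + b"\x00" * payload_len

# Constructed sample traffic using documentation address ranges, not a real capture.
SAMPLE = [build_echo("192.0.2.10", f"198.51.100.{i}", 64) for i in range(1, 7)]
SAMPLE += [build_echo("192.0.2.20", "198.51.100.50", 32)]  # ordinary 32-byte ping
SAMPLE += [build_echo("192.0.2.30", f"198.51.100.{i}", 64) for i in (9, 3, 77)]  # right size, no sweep

if __name__ == "__main__":
    print(sequential_scanners(SAMPLE))
```

Size alone is a weak signal, so the check only reports a source once the size match is combined with a run of consecutive targets.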