[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] RE: Increased TCP 139 Activity

Choe.Sung Cont. PACAF CSS/SCHP wrote:

Ron Dufresne wrote:

If this is indeed the case, the ping sweep will all be packets of 92 byte,
these are windows packets, and the recent rcpdcom sploits are the culprit.



ICMP packets 92-bytes in size (72 bytes + 20 bytes for header) are usually
due to a welchia infected host trying to propagate.  It is not a rpcdcom
exploit.



I believe Windows `tracert' program uses 92 byte ICMP packets.

\a


V/r,
Sung J. Choe
PACAF CSS/SCHP, PACAF NOSC
Information Assurance Analyst
DSN: 315-449-4317, Comm: 808-449-4317




The information contained in this message or any of its attachments may be privileged and confidential and intended for the exclusive use of the intended recipient. If you are not the intended recipient any disclosure, reproduction, distribution or other dissemination or use of this communications is strictly prohibited. The views expressed in this e-mail are those of the individual and not necessarily of MIS Corporate Defence Solutions Ltd. Any prices quoted are only valid if followed up by a formal written quote. If you have received this transmission in error, please contact our Security Manager on 44 (0) 1622 723410.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html