SANS Internet Storm Center, InfoCON: green

Syndicate content SANS Internet Storm Center, InfoCON: green
Updated: 27 min 34 sec ago

New OWASP Testing guide version 4! Check https://www.owasp.org/images/1/19/OTGv4.pdf, (Sat, Sep 20th)

Sat, 2014/09/20 - 17:57
Manuel Humberto Santander Peláez
SANS Internet Storm Center - Handler
Twitter: (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Categories: Security Posts

Strange ICMP traffic seen in destination, (Sat, Sep 20th)

Sat, 2014/09/20 - 17:45
Reader Ronnie provided us today a packet capture with a very interesting situation:
  1. Several packets are arriving, all ICMP echo request from unrelated address:
  2. All ICMP packets being sent to the destination address does not have data, leaving the packet with the 20 bytes for the IP header and 8 bytes for the ICMP echo request without data
  3. All the unrelated address sent 6 packets: One with normal TTL and 5 with incremental TTL:
Seems to be those packets are trying to map a route, but in a very particular way. Since there are many unrelated IP addresses trying to do the same, maybe something is trying to map routes to specific address to do something not good. The destination IP address is an ADSL client. Is anyone else seeing these kind of packets? If you do, we definitely want to hear from you. Let us know! Manuel Humberto Santander Peláez
SANS Internet Storm Center - Handler
Twitter:@manuelsantander
Web:http://manuel.santander.name
e-mail: msantand at isc dot sans dot org (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Categories: Security Posts