Subject: | |
From: | |
Reply To: | |
Date: | Fri, 26 Dec 2003 13:27:15 -0500 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Johnson, Tracy wrote:
> Anyone ever got called from your ISP on the idea that your HP3000 is
> sending out 92 byte packets and this is indicative of virus-like
> behavior?
>
> I think only that a worm is pinging some of our systems. and the 92
> bytes is only a "can't-do" response to a Nachi virus attack.
I haven't packet-sniffed ICMP from the 3000 to determine a signature,
but as far as the 3000 having a Nachi attack, nope.
The Nachi ping is 106 bytes on the wire, 92 bytes of IP payload, and 64
bytes of ICMP data payload consisting of all 0xAA's.
Jeff
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
|
|
|