Re: port scanners/ICMP port unreachable

Oliver Friedrichs (iceman@MBnet.MB.CA)
Tue, 28 Mar 1995 15:04:30 -0600 (CST)

On Tue, 28 Mar 1995, Paul Ferguson wrote:

> Actually, I did understand what he meant. My reply was to simply
> use a method to drop all ICMP traffic prior to entry.

Scenario:  Someone attempts to open a TCP connection to host "secure" on
	   port 3254 (or some other random number), where there is no
	   service running.  This person is attempting to scan the host
	   looking for running services.  Since there's nothing running
	   on that port - "secure" will return an ICMP port unreachable
	   packet.  Our program is watching all traffic to and from
	   "secure" and looking for outgoing ICMP port unreachable packets
	   that meet our requirements.  We now know that "Someone" has
	   tried to connect to an invalid port.

- Oliver
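
Added example, not part of the original message or of the program the author mentions: a sketch of the watcher described above, which parses raw IPv4 packets for ICMP type 3 / code 3 (port unreachable) messages leaving the watched host and recovers the prober's address and the probed port from the embedded original header. The addresses, the sample packets and the three-port threshold are constructed assumptions.

```python
import socket
import struct
from collections import defaultdict

def ip_header(src, dst, proto, payload_len):
    # Minimal 20-byte IPv4 header; checksum left at 0 (not verified below).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def sample_unreachable(host, prober, port, proto=17):
    # Constructed sample: what `host` sends after `prober` hit a closed port.
    l4 = struct.pack("!HHI", 40000, port, 0)  # first 8 bytes of original L4 header
    inner = ip_header(prober, host, proto, len(l4)) + l4
    icmp = struct.pack("!BBHI", 3, 3, 0, 0) + inner  # type 3, code 3
    return ip_header(host, prober, 1, len(icmp)) + icmp

def parse_port_unreachable(pkt, watched_host):
    """Return (prober_ip, probed_port, l4_proto) or None if not a match."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 1:  # IPv4 carrying ICMP
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or socket.inet_ntoa(pkt[12:16]) != watched_host:
        return None  # only outgoing packets from the watched host
    icmp = pkt[ihl:]
    if len(icmp) < 8 or icmp[0] != 3 or icmp[1] != 3:
        return None
    inner = icmp[8:]  # embedded header of the packet that triggered the error
    if len(inner) < 20 or inner[0] >> 4 != 4:
        return None
    inner_ihl = (inner[0] & 0x0F) * 4
    if inner_ihl < 20 or len(inner) < inner_ihl + 4:
        return None
    _, dport = struct.unpack("!HH", inner[inner_ihl:inner_ihl + 4])
    return socket.inet_ntoa(inner[12:16]), dport, inner[9]

def scan_suspects(packets, watched_host, threshold=3):
    # Assumed rule: flag a source that drew unreachables for >= threshold ports.
    ports = defaultdict(set)
    for pkt in packets:
        hit = parse_port_unreachable(pkt, watched_host)
        if hit:
            ports[hit[0]].add(hit[1])
    return {ip: sorted(p) for ip, p in ports.items() if len(p) >= threshold}

SAMPLES = [sample_unreachable("10.0.0.5", "192.0.2.9", p) for p in (3254, 3255, 3256)]
SAMPLES.append(sample_unreachable("10.0.0.5", "198.51.100.7", 53))
```

The parser reads only the first four bytes of the embedded transport header, which hold the source and destination ports for both TCP and UDP.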