RE: Sniffer Question

From: Tracy Blackmore (TracyB@xxxxxxxxx)
Date: Wed Nov 07 2001 - 11:57:06 GMT-3


   
ICMP Port unreachable is the proper response to any application that is
attempting to establish a TCP socket when the host is not listening on that
port. Point your web browser to a desktop (not running a web server) and
you'll get the as well.

As many firewalls block ICMP, many hacking tools use various programs to
elicit an ICMP Port Unreachable. This is one of the first steps in mapping
your targets. This ICMP packet not only tells them what services are
running, it may also clue them into what operating system is running. If
this is a 'bad' user, save your logs and contact your CIRT team. If not, it
just means that he's attempting to reach a service that isn't running at the
time.

Tracy W. Blackmore
Principal Consultant
T.S. Lad Consulting
480.558.0472

-----Original Message-----
From: Wright, Jeremy [mailto:JA_WRIGHT@admworld.com]
Sent: Wednesday, November 07, 2001 7:38 AM
To: 'ccielab@groupstudy.com'
Cc: 'cisco@groupstudy.com'
Subject: Sniffer Question

I am tracing on a specific user and in the expert (station layer) I am
getting a bunch of ICMP port unreachables. The user is using email, the web,
and connecting to network drives but no pinging. Anybody have any experience
with this same problem? Thanks
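
For a trace like the one in the question, one way to triage a pile of ICMP port unreachables is to read the original header each one quotes, which shows whose packet was refused, by which host, and on which protocol and port. This is an added example, not part of the thread; the addresses, the sample packets, the labels and the `threshold` cut-off are constructed assumptions.

```python
import socket
import struct
from collections import defaultdict

def parse_port_unreachable(pkt: bytes):
    """Return details of the datagram that triggered an ICMP type 3 code 3, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 1:   # IPv4 carrying ICMP only
        return None
    icmp = pkt[(pkt[0] & 0x0F) * 4:]
    if len(icmp) < 8 or icmp[0] != 3 or icmp[1] != 3:       # type 3, code 3 only
        return None
    inner = icmp[8:]                      # quoted original IP header + 8 payload bytes
    if len(inner) < 20:
        return None
    ihl = (inner[0] & 0x0F) * 4
    if ihl < 20 or len(inner) < ihl + 4:
        return None
    _sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return {"sender": socket.inet_ntoa(inner[12:16]),      # host whose packet was refused
            "target": socket.inet_ntoa(inner[16:20]),      # host that sent the ICMP error
            "proto": inner[9], "dport": dport}

def summarize(packets, threshold=5):
    """Group refused ports per (sender, target); threshold is an assumed cut-off."""
    ports = defaultdict(set)
    for pkt in packets:
        rec = parse_port_unreachable(pkt)
        if rec:
            ports[(rec["sender"], rec["target"])].add((rec["proto"], rec["dport"]))
    return {pair: ("many-ports" if len(seen) >= threshold else "few-ports", sorted(seen))
            for pair, seen in ports.items()}

# --- constructed sample packets (checksums left at 0; the parser does not verify them) ---
def _ip(src, dst, proto, payload):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

def _unreachable(target, sender, proto, dport):
    original = _ip(sender, target, proto, struct.pack("!HHHH", 40000, dport, 8, 0))
    return _ip(target, sender, 1, struct.pack("!BBHI", 3, 3, 0, 0) + original)

SAMPLE = ([_unreachable("10.0.0.9", "10.0.0.50", 17, 161)] * 3
          + [_unreachable("10.0.0.9", "10.0.0.77", 17, p) for p in range(1, 7)]
          + [_ip("10.0.0.50", "10.0.0.9", 1, struct.pack("!BBHI", 8, 0, 0, 0))])  # echo, ignored

if __name__ == "__main__":
    for pair, (label, seen) in summarize(SAMPLE).items():
        print(pair, label, seen)
```

A sender that keeps hitting the same one or two ports fits the "service that isn't running" case; a sender refused on many distinct ports of one host is the pattern worth saving logs for.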


