Network Security: Detailed info on Re: Tracking down random ICMP

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Incidents

[Top] [All Lists]

Re: Tracking down random ICMP

from [Bojan Zdrnja] Network Security

[Permanent Link]

Subject:	Re: Tracking down random ICMP
Date:	Wed, 24 Jan 2007 14:05:55 +1300

On 1/24/07, Jose Nazario <jose@monkey.org> wrote:

On Tue, 23 Jan 2007, Valdis.Kletnieks@vt.edu wrote:

> I'm not aware of any well-known userspace API that generates ICMP, so
> any userspace would have to be hand-crafting the packets itself.  So
> what you're looking for is a process that has a raw socket open.

at least on Win32:

        http://msdn2.microsoft.com/en-us/library/aa366045.aspx

and then something along these lines:


So, in other words, for the original poster: use ListDLLs
(http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/ListDlls.mspx)
which will list all processes and show you DLLs that each of them is
using. Then go through that list and eliminate all processes that are
not using Iphlpapi.dll. Now you will have a list of processes that
need to be examined further.

This all works only, of course, if the process is not opening raw
sockets but if it's using the DLL Jose mentioned.

Cheers,

Bojan

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Tracking down random ICMP, Craig Chamberlain Re: Tracking down random ICMP, Kyle Maxwell Re: Tracking down random ICMP, Valdis . Kletnieks Re: Tracking down random ICMP, Jose Nazario Re: Tracking down random ICMP, Bojan Zdrnja <= Re: Tracking down random ICMP, Javier Fernández-Sanguino Re: Tracking down random ICMP, Valdis . Kletnieks Attempted FTP intrusion, David Gillett Re: Attempted FTP intrusion, Tillmann Werner

Previous by Date:	Re: Tracking down random ICMP, Jose Nazario
Next by Date:	Re: Tracking down random ICMP, Javier Fernández-Sanguino
Previous by Thread:	Re: Tracking down random ICMP, Jose Nazario
Next by Thread:	Re: Tracking down random ICMP, Javier Fernández-Sanguino
Indexes:	[Date] [Thread] [Top] [All Lists]