Incidents
Tracking down random ICMP Jan 22 2007 01:19PM Craig Chamberlain (craig chamberlain Q1Labs com) (3 replies)
Re: Tracking down random ICMP Jan 23 2007 03:32PM Valdis Kletnieks vt edu (2 replies)
Re: Tracking down random ICMP Jan 25 2007 12:13PM Javier Fernández-Sanguino (jfernandez germinus com) (1 replies)
Re: Tracking down random ICMP Jan 25 2007 05:20PM Valdis Kletnieks vt edu (2 replies)
DoS attacks using ports 31800, 31900 ? Feb 02 2007 06:27PM David Gillett (gillettdavid fhda edu) (1 replies)
> I'm not aware of any well-known userspace API that generates ICMP, so
> any userspace would have to be hand-crafting the packets itself. So
> what you're looking for is a process that has a raw socket open.
at least on Win32:
http://msdn2.microsoft.com/en-us/library/aa366045.aspx
and then something along these lines:
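    // Link with iphlpapi.lib and ws2_32.lib
    #include <winsock2.h>
    #include <iphlpapi.h>
    #include <icmpapi.h>
    #include <stdio.h>
    #include <stdlib.h>

    int main(void)
    {
        // Declare and initialize variables
        HANDLE hIcmpFile;
        DWORD dwRetVal;
        char SendData[] = "Data Buffer";
        LPVOID ReplyBuffer;

        // Open a handle on which ICMP echo requests can be issued
        if ((hIcmpFile = IcmpCreateFile()) == INVALID_HANDLE_VALUE) {
            printf("\tUnable to open file.\n");
            return 1;
        }
        printf("\tFile created.\n");

        // Reply buffer: one ICMP_ECHO_REPLY plus the echoed payload
        ReplyBuffer = (VOID*) malloc(sizeof(ICMP_ECHO_REPLY) + sizeof(SendData));
        if (ReplyBuffer == NULL) {
            IcmpCloseHandle(hIcmpFile);
            return 1;
        }
        // Send one echo request and wait up to 1000 ms for a reply
        if ((dwRetVal = IcmpSendEcho(hIcmpFile,
                inet_addr("1.2.3.4"), // jose@ fix to use a valid IP
                SendData, sizeof(SendData),
                NULL, ReplyBuffer,
                sizeof(SendData) + sizeof(ICMP_ECHO_REPLY),
                1000)) != 0) {
            PICMP_ECHO_REPLY pEchoReply = (PICMP_ECHO_REPLY)ReplyBuffer;
            printf("\tReceived %ld messages.\n", dwRetVal);
            printf("\tMessage: %s\n", pEchoReply->Data);
        }
        else {
            printf("\tCall to IcmpSendEcho() failed.\n");
            printf("\tError: %ld\n", GetLastError());
        }
        free(ReplyBuffer);
        IcmpCloseHandle(hIcmpFile);
        return 0;
    }
    // END OF EXAMPLE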
anything that can trace API calls (i.e. debuggers and such) should be able
to help you track down the process.
________
jose nazario, ph.d. jose (at) monkey (dot) org
http://monkey.org/~jose/ http://monkey.org/~jose/secnews.html
http://www.wormblog.com/
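Added example, not part of the original post or thread: the raw-socket check from the quoted advice, scripted for Linux by listing the ICMP raw sockets in /proc/net/raw and matching their inodes against /proc/<pid>/fd. Linux is an assumption here (the thread names no such platform), and the sample table and function names are constructed for illustration.

```python
import os
import re

ICMP_PROTO = 1  # IP protocol number for ICMP

# Constructed sample in the layout of Linux /proc/net/raw (not captured data).
SAMPLE_PROC_NET_RAW = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   1: 00000000:0001 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 48211 2 0000000000000000 0
  12: 00000000:00FF 00000000:0000 07 00000000:00000000 00:00000000 00000000  1000        0 17004 2 0000000000000000 0
"""

def raw_socket_inodes(table_text, proto=ICMP_PROTO):
    """Return {inode: uid} for raw sockets opened for IP protocol `proto`."""
    # For raw sockets the "port" half of local_address is the protocol in hex.
    found = {}
    for line in table_text.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) >= 10 and int(f[1].rsplit(":", 1)[1], 16) == proto:
            found[int(f[9])] = int(f[7])
    return found

def owners(inodes, fd_links):
    """Map each wanted socket inode to the set of PIDs holding it open."""
    hits = {}
    for pid, target in fd_links:
        m = re.fullmatch(r"socket:\[(\d+)\]", target)
        if m and int(m.group(1)) in inodes:
            hits.setdefault(int(m.group(1)), set()).add(pid)
    return hits

def live_fd_links(proc="/proc"):
    """Yield (pid, link_target) for every readable /proc/<pid>/fd entry."""
    for pid in filter(str.isdigit, os.listdir(proc)):
        fd_dir = os.path.join(proc, pid, "fd")
        try:
            for fd in os.listdir(fd_dir):
                yield int(pid), os.readlink(os.path.join(fd_dir, fd))
        except OSError:
            continue  # process exited, or not permitted (run as root)

if __name__ == "__main__":
    with open("/proc/net/raw") as fh:
        inodes = raw_socket_inodes(fh.read())
    for inode, pids in owners(inodes, live_fd_links()).items():
        print(f"ICMP raw socket inode {inode} (uid {inodes[inode]}): PIDs {sorted(pids)}")
```

This covers only the raw-socket case from the quoted advice; the IcmpSendEcho path shown in the reply is the case for which the post suggests tracing API calls.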