Incidents
Re: Tracking down random ICMP Jan 23 2007 09:37PM
Jose Nazario (jose monkey org) (1 replies)
On Tue, 23 Jan 2007, Valdis.Kletnieks (at) vt (dot) edu wrote:

> I'm not aware of any well-known userspace API that generates ICMP, so
> any userspace would have to be hand-crafting the packets itself. So
> what you're looking for is a process that has a raw socket open.

at least on Win32:

http://msdn2.microsoft.com/en-us/library/aa366045.aspx

and then something along these lines:

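#include <winsock2.h>
#include <iphlpapi.h>
#include <icmpapi.h>
#include <stdio.h>
#include <stdlib.h>

// Link with iphlpapi.lib and ws2_32.lib

int main(void)
{
    HANDLE hIcmpFile;
    char SendData[] = "Data Buffer";
    LPVOID ReplyBuffer;
    DWORD dwRetVal;
    // The reply buffer must hold one ICMP_ECHO_REPLY plus the echoed data
    DWORD ReplySize = sizeof(ICMP_ECHO_REPLY) + sizeof(SendData);

    if ((hIcmpFile = IcmpCreateFile()) == INVALID_HANDLE_VALUE) {
        printf("\tUnable to open file.\n");
        return 1;
    }
    printf("\tFile created.\n");

    // Allocate the reply buffer
    ReplyBuffer = malloc(ReplySize);
    if (ReplyBuffer == NULL) {
        printf("\tUnable to allocate memory.\n");
        IcmpCloseHandle(hIcmpFile);
        return 1;
    }
    if ((dwRetVal = IcmpSendEcho(hIcmpFile,
            inet_addr("1.2.3.4"),   // jose@ fix to use a valid IP
            SendData, sizeof(SendData),
            NULL, ReplyBuffer,
            ReplySize,
            1000)) != 0) {
        PICMP_ECHO_REPLY pEchoReply = (PICMP_ECHO_REPLY)ReplyBuffer;
        printf("\tReceived %lu messages.\n", dwRetVal);
        printf("\tMessage: %s\n", (char *)pEchoReply->Data);
    }
    else {
        printf("\tCall to IcmpSendEcho() failed.\n");
        printf("\tError: %lu\n", GetLastError());
    }

    free(ReplyBuffer);
    IcmpCloseHandle(hIcmpFile);
    return 0;
}

// END OF EXAMPLE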

anything that can trace API calls (i.e. debuggers and such) should be able
to help you track down the process.

________
jose nazario, ph.d. jose (at) monkey (dot) org
http://monkey.org/~jose/ http://monkey.org/~jose/secnews.html
http://www.wormblog.com/
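
A static complement to the API tracing suggested above, as an added example that is not part of the original post: a small PE import-table walker that reports whether a binary imports the ICMP helper functions by name, so candidate executables can be shortlisted without looking for raw sockets. The function names icmp_imports and sample_pe and the embedded sample image are constructed for this example; a binary that resolves the function at run time (GetProcAddress) or imports it by ordinal will not be reported.

```python
import struct

ICMP_APIS = {"IcmpCreateFile", "IcmpSendEcho", "IcmpSendEcho2"}

def icmp_imports(data):
    """Return sorted (dll, function) pairs for ICMP helper APIs imported by name."""
    u = lambda fmt, o: struct.unpack_from(fmt, data, o)
    pe = u("<I", 0x3C)[0]                                   # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsect, opt_size, opt = u("<H", pe + 6)[0], u("<H", pe + 20)[0], pe + 24
    plus = u("<H", opt)[0] == 0x20B                         # PE32+ (64-bit) image
    size, fmt = (8, "<Q") if plus else (4, "<I")            # thunk width
    # Section table rows: (VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)
    sects = [u("<4I", opt + opt_size + 40 * i + 8) for i in range(nsect)]
    def off(rva):                                           # RVA -> file offset
        for vsize, va, rawsize, rawptr in sects:
            if va <= rva < va + max(vsize, rawsize):
                return rawptr + rva - va
        raise ValueError("RVA 0x%x outside all sections" % rva)
    cstr = lambda o: data[o:data.index(b"\0", o)].decode("ascii", "replace")
    found, imp_rva = set(), u("<I", opt + (120 if plus else 104))[0]
    desc = off(imp_rva) if imp_rva else None                # import directory
    while desc is not None:
        oft, _, _, name, ft = u("<5I", desc)                # IMAGE_IMPORT_DESCRIPTOR
        if not (name or ft):                                # all-zero terminator
            break
        dll, thunk = cstr(off(name)).lower(), off(oft or ft)
        while (entry := u(fmt, thunk)[0]):
            if not entry >> (size * 8 - 1):                 # top bit clear: by name
                func = cstr(off(entry & 0x7FFFFFFF) + 2)    # skip 2-byte hint
                if func in ICMP_APIS:
                    found.add((dll, func))
            thunk += size
        desc += 20
    return sorted(found)

def sample_pe():  # constructed PE32 stub for the demo, not a real binary
    b = bytearray(0x400)
    for at, f, *v in [(0x00, "<2s58xI", b"MZ", 0x40),       # DOS header, e_lfanew
                      (0x40, "<4sHH12xHH", b"PE", 0x14C, 1, 224, 0x102),  # COFF
                      (0x58, "<H", 0x10B), (0xC0, "<I", 0x1000),  # PE32, import dir
                      (0x138, "<8s4I", b".idata", 0x200, 0x1000, 0x200, 0x200),
                      (0x200, "<5I", 0x1040, 0, 0, 0x1080, 0x1060),  # descriptor
                      (0x240, "<3I", 0x10A0, 0x10C0, 0x80000005),  # 2 names, 1 ordinal
                      (0x280, "<12s", b"iphlpapi.dll"), (0x2A2, "<12s", b"IcmpSendEcho"),
                      (0x2C2, "<15s", b"GetAdaptersInfo")]:
        struct.pack_into(f, b, at, *v)
    return bytes(b)
```

To check a real file, pass its contents: icmp_imports(open(path, "rb").read()).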

Copyright 2010, SecurityFocus