Incidents
> On Tue, 23 Jan 2007, Valdis.Kletnieks (at) vt (dot) edu [email concealed] wrote:
>
> > I'm not aware of any well-known userspace API that generates ICMP, so
> > any userspace would have to be hand-crafting the packets itself. So
> > what you're looking for is a process that has a raw socket open.
>
> at least on Win32:
>
> http://msdn2.microsoft.com/en-us/library/aa366045.aspx
>
> and then something along these lines:
So, in other words, for the original poster: use ListDLLs
(http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/ListDlls.mspx)
which will list all processes and show you DLLs that each of them is
using. Then go through that list and eliminate all processes that are
not using Iphlpapi.dll. Now you will have a list of processes that
need to be examined further.
This all works only, of course, if the process is not opening raw
sockets but if it's using the DLL Jose mentioned.
Cheers,
Bojan
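One way to automate the filtering step described above, as an added example that is not part of the original post: it parses saved ListDLLs output and keeps only the processes that have Iphlpapi.dll loaded. The output layout (dashed separator, a `name pid: N` header, one module row per line) and the sample listing are assumptions constructed for illustration, and as the post says, a process that opens raw sockets instead will not show up.

```python
import re

# Constructed sample in the layout ListDLLs is assumed to print: a dashed
# separator, an "<image> pid: <n>" header, then one loaded module per row.
SAMPLE = r"""
------------------------------------------------------------------------------
svchost.exe pid: 1032
Command line: C:\WINDOWS\system32\svchost.exe -k netsvcs
  Base        Size      Version         Path
  0x01000000  0x6000    5.01.2600.2180  C:\WINDOWS\system32\svchost.exe
  0x76d60000  0x19000   5.01.2600.2180  C:\WINDOWS\system32\iphlpapi.dll
------------------------------------------------------------------------------
notepad.exe pid: 2200
Command line: notepad.exe
  Base        Size      Version         Path
  0x01000000  0x14000   5.01.2600.2180  C:\WINDOWS\system32\notepad.exe
  0x7c900000  0xb0000   5.01.2600.2180  C:\WINDOWS\system32\ntdll.dll
------------------------------------------------------------------------------
updater.exe pid: 3344
Command line: C:\Temp\updater.exe
  Base        Size      Version         Path
  0x00400000  0x9000    0.00.0000.0000  C:\Temp\updater.exe
  0x76d60000  0x19000   5.01.2600.2180  C:\WINDOWS\System32\IPHLPAPI.DLL
"""

HEADER = re.compile(r"^(?P<name>.+?)\s+pid:\s*(?P<pid>\d+)\s*$", re.IGNORECASE)
MODULE = re.compile(r"^\s*0x[0-9a-fA-F]+\s+0x[0-9a-fA-F]+\s+(?:\S+\s+)?(?P<path>[A-Za-z]:\\.*\S)\s*$")

def processes_loading(listing, dll="iphlpapi.dll"):
    """Return sorted (pid, image, module_path) for each process that has `dll` loaded."""
    hits, current = [], None
    for line in listing.splitlines():
        h = HEADER.match(line)
        if h:  # start of a new process block
            current = (int(h["pid"]), h["name"].strip())
            continue
        m = MODULE.match(line)
        if m and current:
            # Windows file names are case-insensitive; compare the base name only.
            if m["path"].rsplit("\\", 1)[-1].lower() == dll.lower():
                hits.append((*current, m["path"]))
    return sorted(hits)

if __name__ == "__main__":
    for pid, image, path in processes_loading(SAMPLE):
        print(f"{pid:>6}  {image:<20} {path}")
```

The result is only the shortlist the post describes: many legitimate system processes load this DLL, so each hit still has to be examined by image path and behaviour.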