Incidents
Re: Tracking down random ICMP Jan 24 2007 01:05AM
Bojan Zdrnja (bojan zdrnja gmail com) (1 replies)
On 1/24/07, Jose Nazario <jose (at) monkey (dot) org> wrote:
> On Tue, 23 Jan 2007, Valdis.Kletnieks (at) vt (dot) edu wrote:
>
> > I'm not aware of any well-known userspace API that generates ICMP, so
> > any userspace would have to be hand-crafting the packets itself. So
> > what you're looking for is a process that has a raw socket open.
>
> at least on Win32:
>
> http://msdn2.microsoft.com/en-us/library/aa366045.aspx
>
> and then something along these lines:

So, in other words, for the original poster: use ListDLLs
(http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/ListDlls.mspx)
which will list all processes and show you DLLs that each of them is
using. Then go through that list and eliminate all processes that are
not using Iphlpapi.dll. Now you will have a list of processes that
need to be examined further.

This only works, of course, if the process is not opening raw
sockets but is instead using the DLL Jose mentioned.

Cheers,

Bojan
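
Added example, not part of the original post: a Python filter that automates the elimination step described above on ListDLLs output saved to a text file. The output layout, the `triage` function name and the sample data are assumptions constructed for illustration. Processes for which no modules are listed are reported separately, because they cannot be eliminated.

```python
import ntpath
import re

# Assumed ListDLLs layout (not shown in the post): "<image> pid: <n>" opens
# each process; module rows start with hex base and size and end with the path.
PROC_RE = re.compile(r"^(\S.*?)\s+pid:\s*(\d+)\s*$")
ROW_RE = re.compile(r"^\s*0x[0-9a-fA-F]+\s+0x[0-9a-fA-F]+\s+.*?((?:[A-Za-z]:)?\\.*?)\s*$")

# Constructed sample, not output from a real host.
SAMPLE = r"""
svchost.exe pid: 1044
Command line: C:\WINDOWS\system32\svchost.exe -k netsvcs
  Base        Size      Version         Path
  0x01000000  0x6000    5.01.2600.2180  C:\WINDOWS\system32\svchost.exe
  0x76d60000  0x19000   5.01.2600.2180  C:\WINDOWS\system32\iphlpapi.dll
notepad.exe pid: 2312
  0x01000000  0x14000   C:\WINDOWS\system32\notepad.exe
  0x7c900000  0xb0000   C:\WINDOWS\system32\ntdll.dll
updater.exe pid: 3180
  0x00400000  0x9000    C:\Temp\updater.exe
  0x76d60000  0x19000   C:\WINDOWS\System32\IPHLPAPI.DLL
System pid: 4
"""

def triage(listdlls_text, dll="iphlpapi.dll"):
    """Return (candidates, unlisted): processes that loaded `dll`, and
    processes with no module rows, which cannot be eliminated."""
    modules, images, pid = {}, {}, None
    for line in listdlls_text.splitlines():
        proc = PROC_RE.match(line)
        if proc:
            pid = int(proc.group(2))
            images[pid], modules[pid] = proc.group(1), []
            continue
        row = ROW_RE.match(line)
        if row and pid is not None:
            modules[pid].append(row.group(1))
    candidates, unlisted = {}, {}
    for pid, paths in modules.items():
        # Windows file names are case-insensitive: compare lowercased basenames.
        hit = next((p for p in paths if ntpath.basename(p).lower() == dll.lower()), None)
        if not paths:
            unlisted[pid] = images[pid]
        elif hit:
            candidates[pid] = (images[pid], hit)
    return candidates, unlisted
```
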
