Incidents
Tracking down random ICMP Jan 22 2007 01:19PM
Craig Chamberlain (craig chamberlain Q1Labs com) (3 replies)
Re: Tracking down random ICMP Feb 02 2007 11:25PM
Frank Knobbe (frank knobbe us)
Re: Tracking down random ICMP Jan 23 2007 03:32PM
Valdis Kletnieks vt edu (2 replies)
Re: Tracking down random ICMP Jan 25 2007 12:13PM
Javier Fernández-Sanguino (jfernandez germinus com) (1 replies)
Re: Tracking down random ICMP Jan 25 2007 05:20PM
Valdis Kletnieks vt edu (2 replies)
On Thu, 25 Jan 2007 13:13:20 +0100, Javier Fernández-Sanguino said:
> Valdis.Kletnieks (at) vt (dot) edu said:
> > On Mon, 22 Jan 2007 09:19:31 -0400, Craig Chamberlain said:
> >> Is there a tool that can determine which process ID is generating ICMP
> >> packets or IRPs in Windows? TDImon seems to be TCP/UDP only. TCPview and
> >> netstat apparently can't do it.
> >
> > I'm not aware of any well-known userspace API that generates ICMP, so
> > any userspace would have to be hand-crafting the packets itself. So what
> > you're looking for is a process that has a raw socket open.
>
> Maybe you don't know about libdnet? [1] There are quite a number of
> tools that use it.

Note that libdnet is basically just a set of wrapper functions that help
the programmer craft a raw packet with the right bits, as opposed to an
actual documented system/kernel API akin to the socket/bind/connect/send/recvmsg
calls in the Unix-y networking API.

Of course, Jose Nazario proved me wrong and found that Microsoft did actually
provide an API for this. Apparently the concept of userspace-generated ICMP
as a layering violation doesn't bother the Microsoft design team much. :)
DoS attacks using ports 31800, 31900 ? Feb 02 2007 06:27PM
David Gillett (gillettdavid fhda edu) (1 replies)
Re: DoS attacks using ports 31800, 31900 ? Feb 06 2007 03:36PM
Deapesh Misra (deapesh gmail com)
Attempted FTP intrusion Jan 31 2007 05:43PM
David Gillett (gillettdavid fhda edu) (1 replies)
Re: Attempted FTP intrusion Jan 31 2007 10:09PM
Tillmann Werner (tillmann werner gmx de)
Re: Tracking down random ICMP Jan 23 2007 09:37PM
Jose Nazario (jose monkey org) (1 replies)
Re: Tracking down random ICMP Jan 24 2007 01:05AM
Bojan Zdrnja (bojan zdrnja gmail com) (1 replies)
Re: Tracking down random ICMP Feb 09 2007 12:17AM
Jean-Baptiste Marchand (jbm lists gmail com)
Re: Tracking down random ICMP Jan 23 2007 03:50AM
Kyle Maxwell (krmaxwell gmail com)


 

Copyright 2010, SecurityFocus