On Mon, Nov 18, 2002 at 11:54:01PM +0100, Marcel Weber wrote: > Hi > > Today I had a whole bunch of large ICMP packages on the company's LAN > (about 20). > Interesting is, that they came mostly from the Windows 2000 Servers. I > discovered the first of these packages 2 or 3 weeks ago. > > These packets are long (2090 Bytes) and not filled with nulls, but with > more or less weird content. They have no "Don't fragment" flags set, so I > wonder where they come from and what they good for. > > Has anybody seem such packets yet? (See attachment) > > Regards > > Marcel
It seems to me like tunelling something inside ICMP protocol. And that JFIF - isn't something similar in JPEG headers? Aren't these Win2000 servers hacked? Just an idea :) -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Arne Rusek <[EMAIL PROTECTED]> Phone: +420732673195 ----------------------------------------------------------------------- *** Take back the Net! http://www.anti-dmca.org -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
