>-----Original Message-----
>From: Ferris, Robin [mailto:[EMAIL PROTECTED]
>Sent: Tuesday, September 23, 2003 6:18 AM
>To: [EMAIL PROTECTED]
>Subject: [Full-Disclosure] shout out 4 ...
>
>I'm looking for a detailed sniffer analysis of nachia.
>I had watched the info flow through this list when it
>first appeared. However, someone has just asked for
>some help, but specifically from the detailed network
>sniffer side of things.
>
>Things like packet sizes, frequency of scans, scan
>patterns, etc.

Put an unpatched Win2k box on the Internet. Wait five minutes. Take it off the Internet (please!) and connect it to a box running ethereal and capture the packets. Very simple.

The packets are 92 bytes with a 64-byte payload. ICMP type 8, code 0. They scan networks sequentially (1,2,3,4,etc.).

Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
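
The traffic profile given in the reply above (92-byte packets, 64-byte payload, ICMP type 8 code 0, sequential targets) can be turned into a capture filter. The following is an added example, not part of the original thread: it parses raw IPv4 packets and flags sources whose matching echo requests walk consecutive addresses. The threshold `MIN_RUN`, the helper `build_packet`, and the sample addresses are assumptions constructed for the illustration, and 92 bytes is read as the IP total length (20-byte IP header + 8-byte ICMP header + 64-byte payload).

```python
import ipaddress
import struct
from collections import defaultdict

IP_TOTAL_LEN = 92   # packet size quoted in the reply, read here as IP total length
PAYLOAD_LEN = 64    # ICMP payload size quoted in the reply
MIN_RUN = 5         # assumed threshold: consecutive targets before a source is flagged


def parse_echo_request(pkt: bytes):
    """Return (src, dst) as ints if pkt is an IPv4 echo request matching the profile, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or pkt[9] != 1 or total_len != IP_TOTAL_LEN or len(pkt) < total_len:
        return None
    icmp = pkt[ihl:total_len]
    if icmp[:2] != b"\x08\x00" or len(icmp) - 8 != PAYLOAD_LEN:  # type 8, code 0
        return None
    return struct.unpack("!II", pkt[12:20])


def sequential_scanners(packets, min_run=MIN_RUN):
    """Map each source to its longest run of +1 destination addresses; keep runs >= min_run."""
    last, run, best = {}, defaultdict(int), defaultdict(int)
    for pkt in packets:
        parsed = parse_echo_request(pkt)
        if parsed is None:
            continue
        src, dst = parsed
        run[src] = run[src] + 1 if last.get(src) == dst - 1 else 1
        last[src] = dst
        best[src] = max(best[src], run[src])
    return {str(ipaddress.IPv4Address(s)): n for s, n in best.items() if n >= min_run}


def build_packet(src, dst, payload_len=PAYLOAD_LEN, icmp_type=8) -> bytes:
    """Construct a test packet (checksums left zero; the detector does not verify them)."""
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1) + b"\x00" * payload_len
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 128, 1, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + icmp


# Constructed sample traffic: one sequential sweep plus unrelated pings.
SAMPLE = [build_packet("192.0.2.10", f"198.51.100.{i}") for i in range(1, 9)]
SAMPLE += [build_packet("192.0.2.20", "198.51.100.50", payload_len=32),
           build_packet("192.0.2.30", "198.51.100.7"), build_packet("192.0.2.30", "198.51.100.90")]
```

Calling `sequential_scanners(SAMPLE)` reports only the sweeping source; the 32-byte ping and the two non-consecutive pings are ignored.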
