[Snort-sigs] Signature Definition #460, 5 of 20 and Signature Definition # 458

Brian bmc at ...95...
Tue Jun 10 11:16:05 EDT 2003


On Tue, Jun 10, 2003 at 08:27:03AM -0700, Steven Alexander wrote:
> There are tools that will craft any sort of packet that you want
> (sendip).  I just haven't seen any tool that uses unassigned icmp types
> to exploit or test for any sort of vulnerability.  I haven't seen a tool
> that sends such a packet without the user having to specifically choose
> the options.  If you have a tool that uses these options to exploit or
> test for a vulnerability I would love to know what you're using.

while I havn't seen it in an exploit, I have seen odd icmp types &
codes used in conjunction with backdoors, network stack profiling, and
firewall scanning.

-brian




More information about the Snort-sigs mailing list