At 03:21 PM 28/05/2002 -0400, Jeff Mcadams wrote:
Also sprach E.B. Dreger
RAS> be mistaken for a port scan. But for so many network admins, RAS> all they know is "ICMP bad".
That'll be the day when someone calls abuse saying "I'm being attacked by ICMP unreachables!" ;-)
"That'll be..."? Future tense? Hrmm...
Here is a sample posting from the "future"... It was much worse when my email address was the ARIN contact and I would get people screaming at me asking why I was hacking their machine :-( ---------begin annoying auto-robot-program---------- The attempt was detected by the personal firewall running on my machine, and I am quite concerned about it. If you are in fact responsible for this network, please do the following: 1) Research the access attempt(s), 2) Inform the responsible parties to discontinue access attempts, 3) Reply to me with your findings. If you are not responsible for this network, please forward this message to the person who is, or, if you do not know who this person is, please get back to me with that information as well. Thank you. The access attempt(s) are shown below, including the date and time, port number, TCP or UDP indicator, and, if known, a service name associated with the port. Jeu 09 mai 2002 15:30:22, Port 3, ICMP, Destination Unreachable Jeu 09 mai 2002 15:30:21, Port 3, ICMP, Destination Unreachable Jeu 09 mai 2002 15:30:10, Port 3, ICMP, Destination Unreachable Jeu 09 mai 2002 15:30:09, Port 3, ICMP, Destination Unreachable