[ntp:hackers] GPS.FreeBSD.org moves to new IP#
Poul-Henning Kamp
phk at phk.freebsd.dk
Fri Aug 22 08:48:51 PDT 2003
More on the SoBig.F, I made a packet trace, and the packets from
the virii are pretty easy to recognize:
15:46:22.866837 67.200.37.52.3681 > 212.242.86.186.123: [udp sum ok] v4 client strat 0 poll 0 prec 0 dist 0.000000 disp 0.000000 ref (unspec)@0.000000000 orig 0.000000000 rec -0.000000000 xmt -1024411316.000000000 (ttl 114, id 42577, len 76)
15:46:23.052827 65.65.38.194.3458 > 212.242.86.186.123: [udp sum ok] v4 client strat 0 poll 0 prec 0 dist 0.000000 disp 0.000000 ref (unspec)@0.000000000 orig 0.000000000 rec -0.000000000 xmt -1024411315.000000000 (ttl 107, id 24604, len 76)
15:46:23.066811 69.22.56.170.2608 > 212.242.86.186.123: [udp sum ok] v4 client strat 0 poll 0 prec 0 dist 0.000000 disp 0.000000 ref (unspec)@0.000000000 orig 0.000000000 rec -0.000000000 xmt -1024411051.000000000 (ttl 109, id 12867, len 76)
15:46:23.170814 198.206.239.254.3969 > 212.242.86.186.123: [udp sum ok] v4 client strat 0 poll 0 prec 0 dist 0.000000 disp 0.000000 ref (unspec)@0.000000000 orig 0.000000000 rec -0.000000000 xmt -1024411313.000000000 (ttl 111, id 32832, len 76)
Unfortunately I'm not quite sure I know how we can gainfully
use this knowledge...
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
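
Added example, not part of the original message: a small Python filter that parses tcpdump lines in the format shown in the trace above and flags NTP client requests whose header fields match what those four packets have in common. Which fields make the packets "easy to recognize" is not stated in the message; the rule below (stratum, poll, precision, dist, disp, orig and rec all zero, ref unspecified, len 76) is an assumption read off the four lines, and the fifth trace line is constructed for contrast.

```python
import re

# First four lines are copied from the trace in the message; the last line is
# CONSTRUCTED (documentation addresses) to show a request that does not match.
TRACE = """\
15:46:22.866837 67.200.37.52.3681 > 212.242.86.186.123: [udp sum ok] v4 client strat 0 poll 0 prec 0 dist 0.000000 disp 0.000000 ref (unspec)@0.000000000 orig 0.000000000 rec -0.000000000 xmt -1024411316.000000000 (ttl 114, id 42577, len 76)
15:46:23.052827 65.65.38.194.3458 > 212.242.86.186.123: [udp sum ok] v4 client strat 0 poll 0 prec 0 dist 0.000000 disp 0.000000 ref (unspec)@0.000000000 orig 0.000000000 rec -0.000000000 xmt -1024411315.000000000 (ttl 107, id 24604, len 76)
15:46:23.066811 69.22.56.170.2608 > 212.242.86.186.123: [udp sum ok] v4 client strat 0 poll 0 prec 0 dist 0.000000 disp 0.000000 ref (unspec)@0.000000000 orig 0.000000000 rec -0.000000000 xmt -1024411051.000000000 (ttl 109, id 12867, len 76)
15:46:23.170814 198.206.239.254.3969 > 212.242.86.186.123: [udp sum ok] v4 client strat 0 poll 0 prec 0 dist 0.000000 disp 0.000000 ref (unspec)@0.000000000 orig 0.000000000 rec -0.000000000 xmt -1024411313.000000000 (ttl 111, id 32832, len 76)
15:46:24.000000 192.0.2.10.4123 > 212.242.86.186.123: [udp sum ok] v4 client strat 3 poll 6 prec -20 dist 0.031250 disp 0.046875 ref 198.51.100.7@3270541500.000000000 orig 3270541560.000000000 rec 3270541560.100000000 xmt 3270541624.000000000 (ttl 57, id 1201, len 76)
"""

# One tcpdump NTP line as printed in the trace above.
LINE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > \S+\.123: "
    r".*?v(?P<ver>\d) (?P<mode>\w+) strat (?P<strat>\d+) poll (?P<poll>-?\d+) "
    r"prec (?P<prec>-?\d+) dist (?P<dist>\S+) disp (?P<disp>\S+) "
    r"ref (?P<ref>\S+?)@\S+ orig (?P<orig>\S+) rec (?P<rec>\S+) "
    r"xmt (?P<xmt>\S+) \(ttl \d+, id \d+, len (?P<len>\d+)\)$"
)

def matches_trace_pattern(f):
    """True if the parsed fields equal those shared by the four traced packets."""
    zeroed = all(float(f[k]) == 0.0 for k in ("dist", "disp", "orig", "rec"))
    return (f["mode"] == "client" and f["strat"] == "0" and f["poll"] == "0"
            and f["prec"] == "0" and f["ref"] == "(unspec)" and zeroed
            and f["len"] == "76")

def suspects(trace):
    """Return (source IP, xmt value as printed by tcpdump) for matching lines."""
    hits = []
    for line in trace.splitlines():
        m = LINE.match(line.strip())
        if m and matches_trace_pattern(m.groupdict()):
            hits.append((m["src"], float(m["xmt"])))
    return hits

if __name__ == "__main__":
    for src, xmt in suspects(TRACE):
        print(f"{src}\txmt={xmt:.0f}")
```

A request with every field zeroed except the transmit timestamp is also what a minimal SNTP client is allowed to send, so hits from this filter are candidates for rate limiting or closer inspection rather than proof of infection.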