[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[stalk:00993] Large ICMP : pop after icmp?!

To: security-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [stalk:00993] Large ICMP : pop after icmp?!
From: KuniG <kunig@xxxxxxxxxxx>
Date: Thu, 15 Nov 2001 00:58:17 +0900

(B
(B
(BKuniG$B$G$9!#(B
(B
$B!!$@$$$VA0$+$i!"?&>l$N(Bsnort$B$,(B"Large ICMP"$B$H$$$&%m%0$rHs>o$KBt;3EG$-=P$7(B
$B$F$*$j$^$7$?!#$7$P$i$/$=$N$^$^$K$7$F$$$?$N$G$9$,!"$"$^$j$K$bB?$$$N$GD4::(B
$B$7;O$a$?$H$3$m!"0J2<$NE?Kv$H$"$$$J$j$^$7$?!#(B
(B
$B!c8!=P!d(B
$B!!0lDj;~4V$4$H$K(B"Large ICMP"$B$,(Bmail server (MS)$B$+$i!"FCDj$N#2Bf$N%[%9%H(B
(B(A,B)$B$XAw=P$5$l$k$N$,(Bsnort$B$K$h$C$F5-O?$5$l$k!#(B
$B!cD4::!d(B
$B!!(Bgateway$B>e$G(Btcpdump$B$rAv$i$;4F;k$7$F$$$k$H!"(B
$B!&>e5-$N%m%0$,;D$k$N$O%[%9%H(BA,B$B$,(BMS$B$N(Bpop$B$K%"%/%;%9$9$k$H$-$G$"$C$?!#(B
$B!!!t$@$+$i0lDj;~4V$4$H$K%m%0$,;D$C$?$N$G$9$M!#(B
$B!&%[%9%H(BA,B$B$O(Bpop$B$K%"%/%;%9$9$kA0$KI,$:(Bicmp echo request$B$rAw?.$7$F$$$?!#(B
$B!&$7$+$b(Bicmp echo request$B$N%G!<%?D9$,(B1500byte$B$b$"$k$3$H$,J,$+$C$?!#(B
$B!!!t$=$l$KBP$7$F(BMS$B$,AGD>$K(Breply$B$7$F$$$?$N$G!"(Bsnort$B$K$R$C$+$+$k!#(B
$B!&%[%9%H(BA,B$B$O$=$l$>$l(BMacintosh$B$G!"(BMacOS8.6 OpenTransport2.5.1$B!"(B
$B!!(BMacOS9.0 OpenTransport2.5.2 $B$G$"$C$?!#(B
$B!cBP:v!d(B
$B!!$R$H$^$:(Bgoogle$B$G(B"mac icmp 1500 byte"$B$G8!:w$9$k$H!"(B"Mac DoS Flood
(BAttack"$B$H$$$&$h$&$J5-;v$,$$$/$D$b%R%C%H!*(B(^^;$B!!FbMF$K4X$7$F=OFI$7$F$$$J(B
$B$$$N$G$9$,!"$I$&$d$i:#2s$N860x$N=j:_$,(BOS$B$K$"$k$h$&$J46?($rDO$s$@$N$G(B
(BApple$B$N%5%$%H$K9T$/$H!"(BOpenTransport2.6$B$N%@%&%s%m!<%I%Z!<%8$K(BDoS$B$&$s$L$s(B
$B$KBP=h$H=q$$$F$"$k!#(B
(B
(Bhttp://www.apple.co.jp/ftp-info/reference/open_transport_2.6_update.html
(B
$B!!$H$$$&$3$H$G!"%[%9%H(BA,B$B$N(BOpenTransport$B$r(B2.6$B$K%"%C%W%G!<%H$7$^$7$?!#(B
(B
$B!c7k2L!d(B
$B!!$a$G$?$/(Bsnort$B$K$O%m%0$,;D$i$J$/$J$j$^$7$?!"$H$$$&$+%[%9%H(BA,B$B$O(Bpop$B$NA0(B
$B$K(Bicmp echo request$B$r=P$5$J$/$J$j$^$7$?!#(B
(B
(B---
$B!!$R$g$s$J=j$+$i(BMac$B$N%;%-%e%j%F%#%[!<%k!)$rDY$9$3$H$,$G$-$?$o$1$G!J$G$-(B
$B$?$N$+$J$!!)!K!"C*$\$?$H$$$&46$8$G$9!#(B(^^$B!6!!(BMac$B$K4X$9$k%;%-%e%j%F%#>pJs(B
$B$O$[$H$s$I4XCN$7$F$$$J$+$C$?$N$G!"$^$"NI$$6571$H$J$j$^$7$?!#(B
(B
$B!!$G$9$,!"$3$N$3$m$N(BMac(OpenTransport?)$B$O2?8N(Bpop$B$NA0$K(Bicmp$B$r!"$7$+$b$=$N(B
$BBg$-$5$,(B1500byte$B$HHs>o$KBg$-$J$b$NAw=P$7$F$$$?$N$G$7$g$&$M!)(B
(B
$B!!$H!"5?Ld$r;D$7$D$D!&!&!&(B
(B
(B-----------------------------------
(BKuniG$B!!!J$/$K$8!http://www.saposen.com/kuniG/
(Bhttp://www.g-sphere.net/
(B-----------------------------------
(B
(B
(B--
(B- $B$3$N%a%$%j%s%0%j%9%H$K4X$9$khttp://map.infoseek.co.jp/j.asp?u=WZHMYJPW&svx=971122

Follow-Ups:
- [stalk:00994] Re: Large ICMP : pop after icmp?!
  - From: Akira HANDA

Prev by Date: [stalk:00992] Re: [FYI] snort-1.8.2 released
Next by Date: [stalk:00994] Re: Large ICMP : pop after icmp?!
Previous by thread: [stalk:00988] Re: $B%/%i%C%+!<(B$BCm0UJs(B
Next by thread: [stalk:00994] Re: Large ICMP : pop after icmp?!
Index(es):
- Date
- Thread