[Dshield] Any ideas?

van Niekerk Niel nielvanniekerk at oldmutual.com
Mon May 27 15:21:40 GMT 2002

Mark wrote:
>i ran a capture for about an hour on a win2k workstation segment, with 
>messenger on most machines, without a trace of one of these packets, got
>of directed packets.....to 1900 on the local gateway,  which responds with
>ICMP destination unreachable.

> Stopping the "plug and  pray" service silenced these packets.
Thanks, I will try this on a sample of machines to see what diffs it makes.
Going strictly according to the normal operation of PnP, this (even what you
observed) shouldn't happen, but then again we all know that all "features"
in all software are of course always fully documented...

>maybe if you do a less specific capture and see if you can see what prompts

>the traffic or responds to it.....
Yup good idea, although easier said than done. It is an entirely switched
environment and as you can imagine tracing these are rather low on the list
of priorities (with appropraite time and resource assignment). 
On the segments that I have been able to mirror switch ports and sniff so
far, I haven't captured anything that looks like it solicits or responds to
these packets...

Thanks for the ideas.


The contents of this message and any attachments are 
intended solely for the addressee's use and may be legally 
privileged and/or confidential. If you are not the 
addressee indicated in this message, any retention,
distribution, copying or use of this message is strictly
prohibited. If you received this message in error, kindly
notify the sender immediately by reply e-mail and then
destroy the message and any copies thereof.

Opinions, conclusions and other information in this 
message must be understood as neither given nor 
endorsed by Old Mutual Banking Services and may be 
personal to the sender. Since e-mail communication
cannot be guaranteed to be secure, Old Mutual Banking
Services does not make any representation or give any 
guarantee concerning the confidentiality, security,
accuracy or completeness of any e-mail. Any liability for
viruses is excluded to the fullest extent permitted by law.


More information about the list mailing list