[unisog] ICMP Worm activity?

Joel Gridley jarmaug at tufts.edu
Mon Nov 22 20:24:21 GMT 2004



When you say "randomly spoofs the source", do you mean random source
IPs from the local network? Or do you mean completely random?

We've seen the spoofing on the local subnet, about 6 months or so ago.
The name of the worm escapes me, but I do recall our networkers having
to scramble and use non-usual tactics to figure out the culprit due
to them spoofing the local subnet.

-j



On Mon, 22 Nov 2004, DelVecchio, Anthony R. allegedly wrote:

> Is anyone aware of worm activity that randomly spoofs the source address,
> and the ICMP type in a DoS?
>
> Tony DelVecchio
> Network Security Manager
> University of St Thomas
> St Paul, Mn


