[unisog] ICMP Worm activity?
dittrich at u.washington.edu
Mon Nov 22 21:00:04 GMT 2004
> Is anyone aware of worm activity that randomly spoofs the source address,
> and the ICMP type in a DoS?
I think you might be talking about two different things. There are
plenty of DDoS tools that do ICMP floods (sometimes forging lots of
parts of the packet), but I don't know of any worms that *propagate*
via ICMP. It may not be a worm, but perhaps just a "blended threat"
that propagates widely, like Agobot/Phatbot.
Dave Dittrich Information Assurance Researcher,
dittrich at u.washington.edu The iSchool
http://staff.washington.edu/dittrich University of Washington
PGP key http://staff.washington.edu/dittrich/pgpkey.txt
Fingerprint FE97 0C57 0843 F3EB 49A1 0CD0 8E0C D0BE C838 CCB5
More information about the unisog