February 27th, 2003 05:28 PM
That ladies and germs is the crux of the matter. One should only see this type of traffic on
port 137. Anything else and one should start digging.
February 27th, 2003 05:25 PM
Nah this is an old hack. Any ids system worth its salt ie: Blackice amongst others will pick this
up all the time. Only of concern if you were running services on an unprotected box.
February 27th, 2003 01:41 AM
Normally invalid ip flags are an illegal combination of tcp flags which are set in the 13th byte
of the tcp header. The first two bits of the byte used to be reserved but are now used for congestion...
February 27th, 2003 01:36 AM
Inbound means a connection attempt to your computer from a remote computer.
Outbound means a connection attempt your computer is trying to make to a remote computer.
February 27th, 2003 12:52 AM
Keep an eye on Bugtraq over the next couple of weeks. I will be making a couple of posts there in regards to something I have been working on recently. Feel free to pm me anytime
at my listed mail...
February 26th, 2003 08:53 PM
This is indeed Grim's Ping doing its work. Sorry for the lack of responses. I have given up
on this site due to the plethora of idiots who inhabit this space ie: TheFiend amongst others.
The...
February 23rd, 2003 01:27 AM
Yo "TheFiend" why don't you amaze us all with your knowledge. Post us a tutorial or three why don't ya. Hmmm wait a minute you haven't! Wonder of wonders. I know I have. Please
tell us how you were...
February 23rd, 2003 01:11 AM
Ummm to the moron who just told me to shut up I would recommend that you go download another tool you will never learn and or understand. You are the type of brainless idiot that gives this place a...
February 23rd, 2003 01:00 AM
The reversing polarity on tv made me think of this again so I will post my thoughts. To me it is
critically important that one understands the underlying theory of a concept. Whatever that concept...
February 23rd, 2003 12:53 AM
What you are now talking about is a transceiver. Your television is a "receiver" ie: will only receive and decode signals. It will not send them out.
February 23rd, 2003 12:15 AM
Here goes more detail, think of it as taking the total opposite of something and smashing it together with its opposite. You would get nothing for they cancel each other out. If this does
not...
February 22nd, 2003 11:55 PM
If you reverse the polarity of your tv set you would in effect cancel the signal and that is that.
You could also run the risk of blowing up your telly. I can pretty much guarantee you that you...
February 22nd, 2003 01:12 AM
If you don't want to bother with libpcap see the below noted url. This is an advanced tool in comparison with ethereal which is gui driven and geared to the...
February 22nd, 2003 12:27 AM
I recommend SuSE highly. It has an excellent record as well as compatibility being rarely an issue. It also helps simplify the job of locking it down if you're not up on your security.
February 21st, 2003 11:44 PM
The router would not be scanning your computer per se. It is probably just arp traffic you're seeing. ie: arp who has this ip 192.168.blah.blah
If you are being scanned I advise you to d/l a tool...
February 21st, 2003 09:48 PM
My recommendation to you is to d/l windump and libpcap which is its dependency. Just google
for windump and both of the abv mentioned are there. Once installed take a look at the packets flying...
February 21st, 2003 12:17 AM
Both stacks have inherent flaws. I would give the edge to linux though, but not by much.
February 20th, 2003 08:02 PM
Yo! 10ded did you read my post in this thread? The one that precedes this one. It breaks down all the fields. Take a look.
February 20th, 2003 05:53 PM
This looks like "normal" netbios interrogation traffic. This should be on port 139. As for decoding it use a calculator such as the one supplied in windows. Click on view then click
on scientific....
February 20th, 2003 02:19 PM
02:07:15.196281 xxx.xxx.xxx.xxx.50464 > xxx.xxx.xxx.xxx.929: S [tcp sum ok] 878999699:878999699(0) win 4096 (ttl 41, id 20442, len 40)
0x0000 4500 0028 4fda 0000 2906 6ba6 xxxx xxxx...
February 20th, 2003 01:06 AM
Hmmm, crap I did not know that! Thanks for the tip. The ip addy you have is wrong though.
The first two octets are correct, the last two are not however :-)
February 19th, 2003 07:35 PM
Str43m3r, the r@p means nothing. It is empty ascii. It alludes to nothing vis a vis an ip addy.
February 4th, 2003 02:28 PM
Write the below noted acl into your router, and that will take care of it.
access-list 100 deny ip any any fragments
access-list 100 permit ip any any
January 31st, 2003 08:40 PM
If you're telling me that you do both up to the level that is required I simply don't believe you.
I have done both, and to do proper service to either one requires full time devotion to it. You...