Printable View
The intruder is fully blocked .the packet filter is on,no activity.some how he keep the packets in there ,he can manipulate there byte sizes,he can trigger them .what is it how do i counter it?loopback packets>living packets?he is doing the "bootp"thing and all help meee,the attachment is a smaple of what im getting
Ummm.
Slow down, and you're going to need to explain your situation a little better.
Who is the intruder?
What packet filter is on?
How is your network configured?
What is "he" doing to the packets?
Living packets= TTL?
what do you mean who is the intruder,do you want the mac address?lets just concentrate on the packet capture :its like hes built a "living stream he forces bytes through the packets its like its at his whim lets go from here?plz
I DO BELIEVE IT IS TTL PACKETS YES!!(its like the packets are trapped in loop he can manipulate there byte sizes and trigeer them to)
screwedn2,
You have posted like 8 times and i`ve read all and can`t understand any.
If you carefully word your questions you will prolly get better answers.
Mike
Sorry, I didn't see the packet capture when I started my post...
I'm looking at the capture right now. I'll get back to you in a little while. :)
I'm still working on it... I may not be finished for a while, I have a screaming 2 year old on my leg right now...
i think it might be ddos ip spoffed with TTl i could give you more or vetter packet samples thankx much for the help
The pac.txt file only contains a single ACK packet originating from an adserver.
This is probably a response to some request you made.
I don't see anything hostile.
ok the packet sample sucked but i have been compromised ,so-far in "our latest session" i have captured 4,300,000 packets in about 1/2 an hour