-
April 1st, 2004, 01:08 AM
#1
Junior Member
Packets
The intruder is fully blocked .the packet filter is on,no activity.some how he keep the packets in there ,he can manipulate there byte sizes,he can trigger them .what is it how do i counter it?loopback packets>living packets?he is doing the "bootp"thing and all help meee,the attachment is a smaple of what im getting
-
April 1st, 2004, 01:19 AM
#2
Ummm.
Slow down, and you're going to need to explain your situation a little better.
Who is the intruder?
What packet filter is on?
How is your network configured?
What is "he" doing to the packets?
Living packets= TTL?
Real security doesn't come with an installer.
-
April 1st, 2004, 01:28 AM
#3
Junior Member
??
what do you mean who is the intruder,do you want the mac address?lets just concentrate on the packet capture :its like hes built a "living stream he forces bytes through the packets its like its at his whim lets go from here?plz
-
April 1st, 2004, 01:34 AM
#4
Junior Member
ok ok ok
I DO BELIEVE IT IS TTL PACKETS YES!!(its like the packets are trapped in loop he can manipulate there byte sizes and trigeer them to)
-
April 1st, 2004, 01:35 AM
#5
screwedn2,
You have posted like 8 times and i`ve read all and can`t understand any.
If you carefully word your questions you will prolly get better answers.
Mike
NORML
Signature image is too tall!
-
April 1st, 2004, 01:35 AM
#6
Sorry, I didn't see the packet capture when I started my post...
I'm looking at the capture right now. I'll get back to you in a little while.
Real security doesn't come with an installer.
-
April 1st, 2004, 04:11 AM
#7
I'm still working on it... I may not be finished for a while, I have a screaming 2 year old on my leg right now...
Real security doesn't come with an installer.
-
April 1st, 2004, 04:41 AM
#8
Junior Member
thx
i think it might be ddos ip spoffed with TTl i could give you more or vetter packet samples thankx much for the help
-
April 1st, 2004, 10:36 AM
#9
The pac.txt file only contains a single ACK packet originating from an adserver.
This is probably a response to some request you made.
I don't see anything hostile.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
April 1st, 2004, 01:59 PM
#10
Junior Member
ok the packet sample sucked but i have been compromised ,so-far in "our latest session" i have captured 4,300,000 packets in about 1/2 an hour
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|