
List:       incidents
Subject:    Re: Strange Activity -- Help
From:       Antonio Carlos Pina <apina () infolink ! com ! br>
Date:       2001-02-23 2:12:47

Hello,

IGMP packets are also used to "nuke" IRC users. I've seen many users
"nuking" each other using IGMP, but they use LOTS of packets. Windows 2000
also sends this kind of traffic when running the "Windows Media Encoder and
Broadcaster" application.

Regards,
Cordially,
Antonio Carlos Pina
Director of Technology
INFOLINK Internet
http://www.infolink.com.br

----- Original Message -----
From: "Daniel Martin" <dtmartin24@HOME.COM>
To: <INCIDENTS@SECURITYFOCUS.COM>
Sent: Wednesday, February 21, 2001 10:17 PM
Subject: Re: Strange Activity -- Help


> "Nanney, Jim" <JNanney@XETADEV.COM> writes:
>
> > Feb 21 09:54:32 nanlinux kernel: Packet log: input REJECT eth0 PROTO=2
>                                                                  ^^^^^^^
> > 192.168.100.1:65535 224.0.0.1:65535 L=28 S=0xC0 I=0 F=0x0000 T=1 (#5)
>
> IP Protocol 2 is "igmp".  (as opposed to TCP or UDP, for example)  One
> consequence of this is that the port numbers given in the log line are
> meaningless.
>
> I don't quite know everything that igmp is used for, but one of the
> things it's used for is to announce to a router (via broadcast
> packets) "the machine at address xx.xx.xx.xx is willing to receive
> multicast IP packets destined for yy.yy.yy.yy" (Here, xx.xx.xx.xx ==
> 192.168.100.1 and yy.yy.yy.yy == 224.0.0.1)
>
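
Added example, not part of either message: a parser for the kernel "Packet log" line quoted above that names the IP protocol, discards the port fields when the protocol is not TCP or UDP, and counts IGMP packets per source so a single packet can be told apart from the high-volume traffic described in the reply. The second sample line and all function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

PROTO_NAMES = {1: "icmp", 2: "igmp", 6: "tcp", 17: "udp"}  # IANA numbers
PORT_PROTOCOLS = {6, 17}  # only TCP and UDP carry port numbers

LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=\S+ I=\d+ F=\S+ T=(?P<ttl>\d+)"
)

def parse_packet_log(line):
    """Return a dict for one 'Packet log:' line, or None if it does not match."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    proto = int(m["proto"])
    has_ports = proto in PORT_PROTOCOLS
    return {
        "chain": m["chain"], "action": m["action"], "iface": m["iface"],
        "protocol": PROTO_NAMES.get(proto, f"proto-{proto}"),
        "src": m["src"], "dst": m["dst"],
        # For anything but TCP/UDP the logged "ports" carry no meaning.
        "sport": int(m["sport"]) if has_ports else None,
        "dport": int(m["dport"]) if has_ports else None,
        "dst_is_multicast": ipaddress.ip_address(m["dst"]).is_multicast,
        "length": int(m["length"]), "ttl": int(m["ttl"]),
    }

def igmp_counts(lines):
    """Count logged IGMP packets per source address."""
    parsed = (parse_packet_log(l) for l in lines)
    return Counter(p["src"] for p in parsed if p and p["protocol"] == "igmp")

SAMPLE_LINES = [
    # Log line from the quoted message, rejoined onto one line
    "Feb 21 09:54:32 nanlinux kernel: Packet log: input REJECT eth0 PROTO=2 "
    "192.168.100.1:65535 224.0.0.1:65535 L=28 S=0xC0 I=0 F=0x0000 T=1 (#5)",
    # Constructed TCP line for comparison
    "Feb 21 09:55:01 nanlinux kernel: Packet log: input DENY eth0 PROTO=6 "
    "192.168.100.7:1045 192.168.100.2:23 L=44 S=0x00 I=4321 F=0x0000 T=64 (#3)",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_packet_log(line))
    print(igmp_counts(SAMPLE_LINES))
```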
