[nsp-sec] Bracing For Impact... MS08-067
Chris Calvert
Chris.Calvert at telus.com
Fri Oct 24 12:07:31 EDT 2008
Interesting, yes... In particular:
Name: hk-in-f147.google.com
Address: 64.233.189.147
(Thanks Marc)
These IP addresses are just getting pinged with the "abcde12345fghij6789" payload, right?
212.227.93.146
64.233.189.147
202.108.22.44
66.45.237.219
59.106.116.229
69.162.76.42
Chris
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Tom Fischer
> Sent: Friday, October 24, 2008 9:43 AM
> To: Nicholas Ianelli
> Cc: nsp-security at puck.nether.net
> Subject: Re: [nsp-sec] Bracing For Impact... MS08-067
>
> ----------- nsp-security Confidential --------
>
> Hi,
>
> On Fri, Oct 24, 2008 at 10:33:51AM -0400, Nicholas Ianelli wrote:
> > > 212.227.93.146
> > > 64.233.189.147
> > > 202.108.22.44
> >
> > Yes, there are some interesting IPs in that list. At this point all I
> > know is that the list of three IP addresses listed above get sent an
> > ICMP packet.
>
> Anyone able to provide a PCAP of such an ICMP packet - or is it just a
> normal icmp echo request? (There's a lot of icmp echo request traffic
> toward 212.227.93.146 (goole.com) - but hard to tell if it's malware
> related or just typo stuff ...)
>
> --
> Tom Fischer
> BFK edv-consulting GmbH tel: +49 721 962 01-1
> Kriegsstr. 100, D-76133 Karlsruhe fax: +49 721 962 01-99
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the
> nsp-security community. Confidentiality is essential for effective
> Internet security counter-measures.
> _______________________________________________
>
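As an added example that is not part of the original thread: a Python check that flags IPv4 ICMP echo requests whose data carries the "abcde12345fghij6789" string mentioned in the message above, which is one way to separate such pings from ordinary echo traffic in a capture. The marker is taken from that message as stated; the function names, the 192.0.2.x and 198.51.100.x addresses and the sample packets are constructed for illustration.

```python
import struct

# Payload string quoted in the message above; everything else here is constructed.
MARKER = b"abcde12345fghij6789"

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over data (zero-padded to an even length)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def match_marker_ping(packet: bytes):
    """Return (src, dst) if packet is an IPv4 ICMP echo request carrying MARKER, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or total_len < ihl + 8 or total_len > len(packet):
        return None                                   # malformed or truncated capture
    frag = struct.unpack("!H", packet[6:8])[0]
    if packet[9] != 1 or frag & 0x3FFF:               # not ICMP, or an IP fragment
        return None
    icmp = packet[ihl:total_len]
    if icmp[0] != 8 or icmp[1] != 0:                  # echo request is type 8, code 0
        return None
    if inet_checksum(icmp) != 0 or MARKER not in icmp[8:]:
        return None                                   # corrupt message or ordinary ping data
    src = ".".join(map(str, packet[12:16]))
    dst = ".".join(map(str, packet[16:20]))
    return src, dst

def build_echo_request(src: str, dst: str, payload: bytes) -> bytes:
    """Constructed sample packet for testing; the IP header checksum is left at zero."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 0x1234, 1) + payload
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return ip + icmp

if __name__ == "__main__":
    hit = build_echo_request("192.0.2.10", "198.51.100.7", MARKER)
    miss = build_echo_request("192.0.2.10", "198.51.100.7", b"abcdefghijklmnopqrstuvwabcdefghi")
    print(match_marker_ping(hit), match_marker_ping(miss))
```
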