[nsp-sec] Bracing For Impact... MS08-067
Nicholas Ianelli
ni at cert.org
Fri Oct 24 12:24:48 EDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Negative, ICMP only to:
>>>> 212.227.93.146
>>>> 64.233.189.147
>>>> 202.108.22.44
Nick
Chris Calvert wrote:
> Interesting, yes... In particular:
>
> Name: hk-in-f147.google.com
> Address: 64.233.189.147
>
> (Thanks Marc)
>
> These IP addresses are just getting pinged with the "abcde12345fghij6789" payload, right?
>
> 212.227.93.146
> 64.233.189.147
> 202.108.22.44
> 66.45.237.219
> 59.106.116.229
> 69.162.76.42
>
> Chris
>
>> -----Original Message-----
>> From: nsp-security-bounces at puck.nether.net
>> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Tom Fischer
>> Sent: Friday, October 24, 2008 9:43 AM
>> To: Nicholas Ianelli
>> Cc: nsp-security at puck.nether.net
>> Subject: Re: [nsp-sec] Bracing For Impact... MS08-067
>>
>> ----------- nsp-security Confidential --------
>>
>> Hi,
>>
>> On Fri, Oct 24, 2008 at 10:33:51AM -0400, Nicholas Ianelli wrote:
>>>> 212.227.93.146
>>>> 64.233.189.147
>>>> 202.108.22.44
>>> Yes, there are some interesting IPs in that list. At this point all I
>>> know is that the list of three IP addresses listed above get sent an
>>> ICMP packet.
>> Anyone able to provide a PCAP of such an ICMP packet - or is it just a
>> normal icmp echo request? (There's a lot of icmp echo request traffic
>> toward 212.227.93.146 (goole.com) - but hard to tell if it's malware
>> related or just typo stuff ...
>>
>> --
>> Tom Fischer
>> BFK edv-consulting GmbH tel: +49 721 962 01-1
>> Kriegsstr. 100, D-76133 Karlsruhe fax: +49 721 962 01-99
>>
>>
>> _______________________________________________
>> nsp-security mailing list
>> nsp-security at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/nsp-security
>>
>> Please do not Forward, CC, or BCC this E-mail outside of the
>> nsp-security
>> community. Confidentiality is essential for effective
>> Internet security counter-measures.
>> _______________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
iEYEARECAAYFAkkB9tAACgkQi10dJIBjZIATKwCffH0RNMI70DGgjvpFKxWvvx7h
CtEAniRHDzGLUcuvApCoA8QcwRuDhKVu
=MN8j
-----END PGP SIGNATURE-----