From: Pugliese, Edward (s11018@SLK.COM)
Date: Tue Sep 23 2003 - 16:03:39 EDT
But Nachia is a Windows-related worm. The packets are being generated on
my AIX host (maybe I wasn't specific enough in my description). I believe
they are coming from an app as opposed to an SA tool. I am just having a
difficult time correlating the packets to the original process. That is
what I am trying to get assistance in locating.
Thanks.
-----Original Message-----
From: Bill Verzal [mailto:BVerzal@KOMATSUNA.COM]
Sent: Tuesday, September 23, 2003 3:56 PM
To: aix-l@Princeton.EDU
Subject: Re: Tracking source of ICMP packet
If they are ICMP message "8" packets, you probably have the most recent
worm Nachia or the worm it was trying to clean.
BV
--------------------------------------------------------
Bill Verzal
AIX Administrator, Komatsu America
(847) 970-3726 - direct
(847) 970-4184 - fax
"Pugliese, Edward" <s11018@SLK.COM>
Sent by: IBM AIX Discussion List <aix-l@Princeton.EDU>
09/23/2003 02:15 PM
Please respond to IBM AIX Discussion List
To: aix-l@Princeton.EDU
cc:
Subject: Tracking source of ICMP packet
I have tracked down the source of some pesky ICMP packets to a certain host.
I have confirmed it is the specific host by running "iptrace" and seeing the
specific IP address for the source and destination that is in question for
the "ECHO REQUEST". What I can not figure out is how to backtrack to the
process that is generating the ICMP packets. Any assistance in how I might
do this would be appreciated.
Thanks,
Ed