ICMP echo identifier

CS Lee geek00l at gmail.com
Sun Nov 18 07:50:36 EST 2007


Hi Carter,

Lately I have played around with quite a few scanning tools, and it seems
interesting that ICMP ping sweeping can be easily identified by
tracking the identifier. I have one request: if we
have already kept track of the TCP connection setup, maybe adding the ICMP echo
identifier as one of the flow metrics can be useful, especially for
identifying large-scale network scanning launched by specific tools.

Anyway, it is just my idea; sorry to bother you again, since I have nothing
to do but Argus on Sunday.

Thanks ;]

-- 
Best Regards,

CS Lee<geekooL[at]gmail.com>

http://geek00l.blogspot.com