Smurf and TCP FIN Scan

  woodchip 23:24 13 Mar 2006

So I now they are port scanners etc but I do not know if they are reading anything

Smurf ATM1



I do have Router Firewall, I found these in the Log

  [DELETED] 00:25 14 Mar 2006

"A smurf attacker sends PING requests to an Internet broadcast address. These are special addresses that broadcast all received messages to the hosts connected to the subnet. Each broadcast address can support up to 255 hosts, so a single PING request can be multiplied 255 times. The return address of the request itself is spoofed to be the address of the attacker's victim. All the hosts receiving the PING request reply to this victim's address instead of the real sender's address. A single attacker sending hundreds or thousands of these PING messages per second can fill the victim's line with ping replies, bring the entire Internet service to its knees." Got that from Here, click here

FIN scanning
In FIN scanning, due to a poor networking code in the kernel of many Operating Systems, if TCP FIN packet is sent to a port and the port replies with a TCP RST packet, then the port is closed. If there is no TCP RST packet returned, then the port is listening. Got this from here,click here

Hope this is what your asking Woodchip. Sorry if it is not.

  [DELETED] 02:59 14 Mar 2006

i remember the last time tiscai had a smurf attact it crashed there network it wasnt to long ago

  woodchip 09:59 14 Mar 2006

Yes they are similar things to what I found, But I looks like they was aimed at my XP laptop on a Router Firewall with ping not to respond. So in stealth mode, but I have had more smurf's than TCP Fin

  woodchip 10:23 14 Mar 2006

Also had Smurf and Fin outbound, could this be anything to do with Router and Wireless Laptop connection.

  [DELETED] 11:13 14 Mar 2006

Just had a look at our Firewall and router(not wireless).

I haven't got any smurf's or Fin's.

  woodchip 15:39 14 Mar 2006

This is one in my log

2006.03.12 05:08:27 **Smurf**, 23038->>, 1026 (from ATM1 Inbound)

and this the other type

2006.03.08 10:45:21 **TCP FIN Scan**, 2542->>, 80 (from ATM1 Outbound)

also this type

2006.03.05 12:22:01 **Smurf**>>, Type:3, Code:3 (from ATM1 Outbound)

  woodchip 19:05 14 Mar 2006

Not but nobody seems to know

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Microsoft Surface Book 2 15in review

Illustrator Amy Grimes on how setting up her own eco-brand led to success with clients too

MacBook Pro keyboard issues and other problems

Test : l’enceinte connectée HomePod d’Apple