Slashdot Mirror

← Back to Stories (view on slashdot.org)

Museum Of Broken Packets

Posted by ryuzaki0 on from the put-them-on-a-milk-carton dept.

hobbicik writes: "Quote from the page: 'The purpose of this museum is to provide a shelter for strange, unwanted, malformed packets - abandoned and doomed freaks of nature - as we, mere mortals, meet them on twisted paths of our grand journey called life.'" Interesting and amusing idea. Most of the wasted packets I get are IIS worm attempts -- not nearly as interesting.

2 of 127 comments (clear)

  1. Causes of mal-formed packets by sstammer · · Score: 5, Informative
    For some causes of mal-formed packets, see this paper


    Tim

  2. Re:Paranoid? Or are they really out to get us? by monkeydo · · Score: 5, Informative

    tcptraceroute works by sending syn packets with incremented TTL's to publicly available servers on port 80 (or other public port). This passes firewalls because they are configured to allow traffic to these servers (hence "publicly available")

    Again, this will not work if your firewall drops the outbound ICMP packets. In the case of tcptraceroute you will eventually get an ACK back from the server, so you will know how many hops it behind the firewall, but no other information.

    The hotmail trick is somewhat more insidious because it is used in the midst of a session the firewall will usually pass the traffic to a normally protected (even NAT'd) host.

    Both are easily blocked with outbound filters.

    --
    Si vis pacem, para bellum
    The only thing more annoying than a Libertarian is an (un|mis)informed Libertarian