Pingback: ICMP Tunneling Malware

By Keith Jones, Anthony Kasza and Ben Reardon, Security Researchers, Corelight

Introduction: Recently, Trustwave reported on a new malware family which they discovered during a breach investigation. The backdoor, dubbed Pingback, executes on Windows sys…

Is disabling IPv6 an effective workaround for "Bad Neighbor" Vulnerability (CVE-2020-16898)?

CVE-2020-16898 is a remote code execution vulnerability caused by the improper handling of ICMPv6 Router Advertisement packets by the Windows TCP/IP stack. Microsoft’s recommended workaround is to disable the ICMPv6 RDNSS component.
My question is…

Community detection: CVE-2020-16898

By Ben Reardon, Corelight Security Researcher

This month’s Microsoft Patch Tuesday included a severe Remote Code Execution vulnerability in the way that Windows TCP/IP handles IPv6 “Router Advertisement” ICMP messages. Due to the severity and wide scop…

I am seeing ICMP type 3 error message from my firewall logs. However, I am unable to find the original request sent to that external IP [closed]

No matching connection for ICMP error message: icmp src inside: X.X.X.98 dst outside: X.X.X.11 (type 3, code 2) on inside interface. Original IP payload: udp src X.X.X.11/53 dst X.X.X.98/52906.
Can somebody please help me understand the ca…

I can’t find my switch’s IP by both ARP and ICMP protocols scan with nmap [closed]

My switch is a TP-Link TL-SG105E that functions perfectly, but I can’t access it because it’s somehow hidden from the network.

I used tools like:

netdiscover -I wlp2s0 -r 192.168.0.0/24
nmap -PR 192.168.1.0/24
nmap -SP 192.168.1.0/24…