93 666TCP 19 = CHARGENTCP 666 = DOOMIDIC - SANS GIAC LEVELTWO ©2000, 2001 33THIS IS PROBABLY JUST A PROBE BY SOMEONE SO BORED THAT THEY ARE SIMPLY LOOKING FOR SOMEONE TO FLASH (AS IN FLASH
12/03/97 02:41:55
206.256.199.8
19 -> 147.168.130.93
666
TCP 19 = Chargen
TCP 666 = Doom
IDIC - SANS GIAC LevelTwo
©2000, 200133
This is probably just a probe by someone so bored that they are simply looking for someone to flash (as in flash.c). This attack is simply to send characters to the screen to mess up the user’s window. Note that two address families are shown in your slide; this was a pretty large scan. Doom is an older game that uses a default port of 666.Is this an asymmetric attack or a symmetric attack? __________________If this is a response, can you describe the stimulus packet?