Jump to content

 Network Recon Payload unknown(?) ICMP/NTP traffic. Help please


Recommended Posts

Running payload Network Recon Payload with email exfiltration, I am getting traffic from the SharkJack that i am trying to understand. I am monitoring the traffic and when it runs the payload I get two ICMP type 3 code 3 messages. Each message is to a different address. Each time I run the payload the destination address changes to seemingly random addresses. the source port is 123 and the destination port is random (also seems backward to me). I don't see where any of this is part of the script. So i have some questions:

1. Does anyone know if this is part of Sharkjack normal behavior? (running 1.1.0 firmware)

2. Does anyone Know if this is part of the payload? if so where is it pulling the ip addresses or hostnames from?

I have installed Mutt, curl, msmtp, via Opkg if that matters. This traffic seems suspicious as it is not advertised well in any of the payload descriptions. 

 

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...