WANG2 JFIF Snort traffic
Posted by creining | Filed under Security
I’ve seen some odd ICMP traffic on some IDSes that I manage. It wasn’t malicious per se, but it was intriguing as it had the string “WANG2…..JFIF” in it’s payload. Well, lo and behold it is our friends at Microsoft who use pings, that contain an image of their own name, that are sent from w2k and xp boxes to a domain controller in order to determine the link speed so either a roaming policy or group policy is applied.
Comments are closed.