From: jared mc (bugtraqlist hotmail.com)
Date: Tue Nov 13 2001 - 10:04:37 CST
We have found the same thing with our Cisco IDS systems. I was able to
recreate this 0.0.0.0 bug when I would use Nmap SYN scans to browse through
our network. The data was sent into Cisco and I believe they knew it was a
bug with their latest update. I have no idea if/when a bug fix will be
released :)
-Jared
>From: "Geoff Poer" <gpoer tick.Telcom.Arizona.EDU>
>Reply-To: <gpoer tick.telcom.arizona.edu>
>To: <incidents securityfocus.com>
>Subject: Strange TCP Sweep to 0.0.0.0
>Date: Fri, 9 Nov 2001 10:34:30 -0700
>
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Our Cisco Secure IDS (that lives outside the firewall) is picking up
>some strange traffic off one of our Netscreen Firewalls. The Src
>addresses are the un-trusted interface addresses assigned to the
>Netscreen. Has anyone seen something like this before? Is it a bug
>or am I seeing something interesting?
>
>Date                 Sensor  Signature  Sub Sig  Description         Severity  Src Address  Src Port  Dst Address  Dst Port
>2001-10-26 08:51:24  3       3030       0        TCP SYN Host Sweep  2         my.net.com   2028      0.0.0.0      0
>2001-10-26 08:55:24  3       3030       0        TCP SYN Host Sweep  2         my.net.com   1610      0.0.0.0      0
>2001-10-26 09:17:24  3       3030       0        TCP SYN Host Sweep  2         my.net.com   1100      0.0.0.0      0
>2001-10-26 09:21:20  3       3030       0        TCP SYN Host Sweep  2         my.net.com   1058      0.0.0.0      0
>2001-10-26 09:23:21  3       3030       0        TCP SYN Host Sweep  2         my.net.com   1707      0.0.0.0      0
>2001-10-26 09:25:23  3       3030       0        TCP SYN Host Sweep  2         my.net.com   1133      0.0.0.0      0
>2001-10-26 09:27:21  3       3030       0        TCP SYN Host Sweep  2         my.net.com   1959      0.0.0.0      0
>2001-10-26 10:33:21  3       3030       0        TCP SYN Host Sweep  2         my.net.com   1448      0.0.0.0      0
>- --------Cut--------
>
>(other address assigned to interface)
>2001-11-02 09:24:24  3       3030       0        TCP SYN Host Sweep  2         my2.net.com  1886      0.0.0.0      0
>2001-11-02 09:54:20  3       3030       0        TCP SYN Host Sweep  2         my2.net.com  1197      0.0.0.0      0
>2001-11-02 10:48:23  3       3030       0        TCP SYN Host Sweep  2         my2.net.com  1779      0.0.0.0      0
>2001-11-02 11:29:24  3       3030       0        TCP SYN Host Sweep  2         my2.net.com  1152      0.0.0.0      0
>2001-11-02 11:49:20  3       3030       0        TCP SYN Host Sweep  2         my2.net.com  1286      0.0.0.0      0
>
>Whatever it is, it is not terribly fast. The dates are inconsistent
>in this email but they are actually occurring every day with similar
>frequency.
>
>thanks,
>Geoff
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
>
>iQA/AwUBO+wRgnJYBcIyrSGLEQJBNgCg4BuqFioMAitq5Lk+3qTiLYk6lbwAn33p
>iesT5XGxthCxSARQdCQYKpaL
>=Zj26
>-----END PGP SIGNATURE-----
>
>
>----------------------------------------------------------------------------
>This list is provided by the SecurityFocus ARIS analyzer service.
>For more information on this free incident handling, management
>and tracking system please see: http://aris.securityfocus.com
>
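A triage sketch for the alert export quoted above, added here as an example and not taken from the thread or from Cisco tooling: it re-joins the mail-wrapped rows, then counts per source how many signature 3030 alerts carry the 0.0.0.0:0 destination versus a real one, and how many seconds apart they fire. The function names and the last sample record (scanner.example.net, 192.0.2.10) are assumptions made for illustration.

```python
import re
from datetime import datetime

# Rows as quoted above (mail-wrapped); the last record is constructed for contrast.
SAMPLE = """\
>2001-10-26 08:51:24 3 3030 0 TCP SYN Host Sweep 2 my.net.com 2028
>0.0.0.0 0
>2001-10-26 08:55:24 3 3030 0 TCP SYN Host Sweep 2 my.net.com 1610
>0.0.0.0 0
>2001-11-02 09:24:24 3 3030 0 TCP SYN Host Sweep 2 my2.net.com 1886
>0.0.0.0 0
>2001-11-02 09:54:20 3 3030 0 TCP SYN Host Sweep 2 my2.net.com 1197
>0.0.0.0 0
>2001-11-02 10:00:00 3 3030 0 TCP SYN Host Sweep 2 scanner.example.net 40000
>192.0.2.10 80
"""

STAMP = re.compile(r"\d{4}-\d\d-\d\d \d\d:\d\d:\d\d")
# date, sensor, signature, sub sig, description, severity, src, sport, dst, dport
ROW = re.compile(r"(\S+ \S+) (\d+) (\d+) (\d+) (.+?) (\d+) (\S+) (\d+) (\S+) (\d+)$")

def parse_alerts(text):
    """Re-join wrapped lines into records, then split each record into fields."""
    records = []
    for raw in text.splitlines():
        line = raw.lstrip(">").strip()
        if STAMP.match(line):
            records.append(line)            # a timestamp starts a new record
        elif line and records:
            records[-1] += " " + line       # continuation of the previous row
    alerts = []
    for rec in records:
        m = ROW.match(rec)
        if m:                               # skip anything that is not an alert row
            when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            alerts.append({"when": when, "src": m.group(7), "dst": m.group(9), "dport": int(m.group(10))})
    return alerts

def triage(text):
    """Per source: alerts with a placeholder vs. real destination, and gaps in seconds."""
    out, last = {}, {}
    for a in sorted(parse_alerts(text), key=lambda a: a["when"]):
        s = out.setdefault(a["src"], {"placeholder": 0, "real": 0, "gaps_s": []})
        s["placeholder" if (a["dst"], a["dport"]) == ("0.0.0.0", 0) else "real"] += 1
        if a["src"] in last:
            s["gaps_s"].append(int((a["when"] - last[a["src"]]).total_seconds()))
        last[a["src"]] = a["when"]
    return out
```

A source whose alerts are all in the `placeholder` bucket names no target that can be checked against firewall or flow logs, so the sweep has to be confirmed or ruled out from the source side.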