From: Jon Gary (jgaryCLICKTOSECURE.COM)
Date: Fri Jan 12 2001 - 12:46:45 CST


    Off the cuff (and I'm totally guessing here, since I don't have the time to
    check for sure) I'd say that this could be some sort of TCP NULL scan,
    similar to the one that nmap does. By sending a packet with no TCP flags
    set, you can determine if a port is open. If the port is open, you will
    receive no response, but if it is closed, you will get a reset.

    Jon Gary
    Click To Secure, Inc.
    http://www.clicktosecure.com/

    -----Original Message-----
    From: Focus on Intrusion Detection Systems
    [mailto:FOCUS-IDSSECURITYFOCUS.COM]On Behalf Of Andrea Barisani
    Sent: Friday, January 12, 2001 8:22 AM
    To: FOCUS-IDSSECURITYFOCUS.COM
    Subject: Odd tcp packets with zeroed flags

    Hi to all!

    Could anyone explain to me the meaning of these packets?
    I'm receiving them every day, always to the same destination and from
    different hosts...

    Here's the dump of some of them:

    01/12-12:23:39.033146 0:E0:1E:9C:D2:81 -> 8:0:20:B0:C7:F1 type:0x800 len:0x5FC
    x.x.x.x:0 -> server:0 TCP TTL:125 TOS:0x10 ID:39706 IpLen:20 DgmLen:1480
    ******** Seq: 0x0 Ack: 0x0 Win: 0x0 TcpLen: 0
    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

    01/12-12:36:22.482601 0:E0:1E:9C:D2:81 -> 8:0:20:B0:C7:F1 type:0x800 len:0x5FC
    x.x.x.x:0 -> server:0 TCP TTL:125 TOS:0x0 ID:5635 IpLen:20 DgmLen:1480
    ******** Seq: 0x0 Ack: 0x0 Win: 0x0 TcpLen: 0
    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

    01/12-12:36:22.667276 0:E0:1E:9C:D2:81 -> 8:0:20:B0:C7:F1 type:0x800 len:0x5FC
    x.x.x.x:0 -> server:0 TCP TTL:125 TOS:0x0 ID:5891 IpLen:20 DgmLen:1480
    ******** Seq: 0x0 Ack: 0x0 Win: 0x0 TcpLen: 0
    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

    01/12-12:36:22.852458 0:E0:1E:9C:D2:81 -> 8:0:20:B0:C7:F1 type:0x800 len:0x5FC
    x.x.x.x:0 -> server:0 TCP TTL:125 TOS:0x0 ID:6147 IpLen:20 DgmLen:1480
    ******** Seq: 0x0 Ack: 0x0 Win: 0x0 TcpLen: 0
    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

    Thanks for any help...

    Bye

    ------------------------------------------------------------
    INFIS Network Administrator & Security Officer
    Department of Physics - University of Trieste
    lcarsinfis.univ.trieste.it - PGP Key 0x8E21FE82
    ------------------------------------------------------------
    "How would you know I'm mad?" said Alice.
    "You must be," said the Cat, "or you wouldn't have come here."
    ------------------------------------------------------------
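As an added example (not code from the original post), here is a small Python parser for the Snort-style headers quoted above; it picks out the traits visible in the dumps, an all-'*' flag field, both ports 0, and a TcpLen of 0 on a 1480-byte datagram, so such packets can be separated from normal traffic in a larger log. The flag-field reading follows Snort's 12UAPRSF layout; the second sample packet is invented for contrast.

```python
# Added example (not code from the original post): parse the three-line Snort
# headers quoted in the thread and flag the traits that make them odd.
import re
from dataclasses import dataclass
# Snort prints the flag field as 8 positions (reserved 1 and 2, U A P R S F),
# with '*' where a flag is clear, so "********" means no flags at all.
IP_LINE = re.compile(
    r"^(?P<src>\S+):(?P<sport>\d+) -> (?P<dst>\S+):(?P<dport>\d+) TCP TTL:\d+ "
    r"TOS:0x[0-9A-Fa-f]+ ID:\d+ IpLen:(?P<iplen>\d+) DgmLen:(?P<dgmlen>\d+)")
TCP_LINE = re.compile(
    r"^(?P<flags>[12UAPRSF*]{8}) Seq: 0x[0-9A-Fa-f]+\s+Ack: 0x[0-9A-Fa-f]+\s+"
    r"Win: 0x[0-9A-Fa-f]+\s+TcpLen: (?P<tcplen>\d+)")
# Constructed sample: the first header from the thread, then an ordinary SYN
# with invented values so the classifier has something to contrast it with.
SAMPLE_LOG = """\
01/12-12:23:39.033146 0:E0:1E:9C:D2:81 -> 8:0:20:B0:C7:F1 type:0x800 len:0x5FC
x.x.x.x:0 -> server:0 TCP TTL:125 TOS:0x10 ID:39706 IpLen:20 DgmLen:1480
******** Seq: 0x0 Ack: 0x0 Win: 0x0 TcpLen: 0
01/12-12:40:01.000000 0:E0:1E:9C:D2:81 -> 8:0:20:B0:C7:F1 type:0x800 len:0x3C
10.0.0.5:40123 -> server:80 TCP TTL:64 TOS:0x0 ID:100 IpLen:20 DgmLen:60
******S* Seq: 0x1A2B3C Ack: 0x0 Win: 0x4000 TcpLen: 40
"""

@dataclass
class Packet:
    src: str; sport: int; dst: str; dport: int
    iplen: int; dgmlen: int; flags: str; tcplen: int
    def findings(self) -> list:
        """Traits worth a second look; an empty list means a normal header."""
        out = []
        if set(self.flags) == {"*"}:
            out.append("no TCP flags set")
        if self.sport == 0 and self.dport == 0:
            out.append("both ports 0")
        payload = self.dgmlen - self.iplen - self.tcplen  # bytes after the headers
        if self.tcplen == 0 and payload > 0:
            out.append(f"TcpLen 0 but {payload} bytes follow the IP header")
        return out

def parse(text: str) -> list:
    """Pair each IP header line with the TCP line that follows it."""
    packets, ip = [], None
    for line in text.splitlines():
        if m := IP_LINE.match(line):
            ip = m.groupdict()
        elif (m := TCP_LINE.match(line)) and ip:
            packets.append(Packet(ip["src"], int(ip["sport"]), ip["dst"],
                                  int(ip["dport"]), int(ip["iplen"]),
                                  int(ip["dgmlen"]), m["flags"], int(m["tcplen"])))
            ip = None
    return packets
```

The payload count is reported because a header-only probe of the kind Jon describes carries no data after the TCP header, so a large count is a detail worth weighing when classifying these packets.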