From: Joe McAlerney (joey@SILICONDEFENSE.COM)
Date: Mon Apr 02 2001 - 13:46:53 CDT
We saw something similar quite a few months ago. I did a little
research and found that others have seen this pattern and it was
most likely not an OS detection scan. These were malformed IP packets
containing HTTP GET requests. 18245 (0x4745) is GE and 21536 (0x5420)
is T and a space.
-Joe M.
--
| Joe McAlerney           joey@silicondefense.com |
| Silicon Defense - Technical Support for Snort   |
| http://www.silicondefense.com/                  |
+--                                             --+
> Jim Franzen wrote:
>
> Hi all.
>
> Snort picked up this earlier today:
>
> Apr 2 15:40:29 212.105.28.137:18245 -> x.x.x.x:21536 NOACK **U*PRS*
> Apr 2 15:40:35 212.105.28.137:1533 -> x.x.x.x:443 SYN ******S*
> Apr 2 15:40:51 212.105.28.137:18245 -> x.x.x.x:21536 INVALIDACK *2UA*R*F RESERVEDBITS
> Apr 2 15:40:56 212.105.28.137:18245 -> x.x.x.x:21536 INVALIDACK *2UA**S* RESERVEDBITS
> Apr 2 15:40:56 212.105.28.137:0 -> x.x.x.x:0 NULL ********
>
> Anyone who can cast some light on this for me?
> Is this a known attack or just gibberish?
>
> Thnx
>
> /Jim
>
>
> VOGON AB
> Smidesvägen 7, Box 1301, S-172 26 SUNDBYBERG, Sweden
> Phone: +46-8-627 48 02 Cellular: +46-709-26 86 89 Fax: +46-8-627 48 99
> email: jim@vogon.se site: www.vogon.se
> cellmail: jim.mobil@vogon.se
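The reply's reading of the port numbers can be checked mechanically. The following is an added example, not part of the original thread or of Snort: it reads a constructed HTTP request as if it were a TCP header, and tests the quoted alert lines for port pairs that spell the start of an HTTP method. The function names, the method list, and the flag-string layout (`12UAPRSF`, highest bit first) are assumptions.

```python
import re
import struct

# Assumed Snort flag-string layout, highest bit first: 1 2 U A P R S F
FLAG_CHARS = "12UAPRSF"
# Hypothetical shortlist of 4-byte HTTP method prefixes to test against
HTTP_PREFIXES = (b"GET ", b"POST", b"HEAD", b"PUT ")
# Matches the "src:sport -> dst:dport" part of the quoted alert lines
PORTS_RE = re.compile(r"\S+:(\d+) -> \S+:(\d+)")


def misparse_as_tcp(payload: bytes) -> dict:
    """Read the first 14 bytes of application data as if they were a TCP header."""
    if len(payload) < 14:
        raise ValueError("need at least 14 bytes")
    sport, dport, seq, ack, _off, flags = struct.unpack("!HHIIBB", payload[:14])
    shown = "".join(c if flags & (0x80 >> i) else "*"
                    for i, c in enumerate(FLAG_CHARS))
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": shown}


def ports_as_text(sport: int, dport: int) -> bytes:
    """The four bytes the two port fields occupy on the wire."""
    return struct.pack("!HH", sport, dport)


def looks_like_http_in_header(line: str) -> bool:
    """True when an alert's port pair decodes to the start of an HTTP method."""
    m = PORTS_RE.search(line)
    if not m:
        return False
    return ports_as_text(int(m.group(1)), int(m.group(2))) in HTTP_PREFIXES


# Constructed request, not captured traffic.
SAMPLE_REQUEST = b"GET / HTTP/1.0\r\n\r\n"
# Alert lines copied from the quoted message above.
ALERTS = [
    "Apr 2 15:40:29 212.105.28.137:18245 -> x.x.x.x:21536 NOACK **U*PRS*",
    "Apr 2 15:40:35 212.105.28.137:1533 -> x.x.x.x:443 SYN ******S*",
    "Apr 2 15:40:56 212.105.28.137:0 -> x.x.x.x:0 NULL ********",
]

if __name__ == "__main__":
    print(misparse_as_tcp(SAMPLE_REQUEST))
    for alert in ALERTS:
        print(looks_like_http_in_header(alert), alert)
```
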