Subject: [snort] Anybody got a clue
From: Ralf Hildebrandt (R.Hildebrandt tu-bs.de)
Date: Sat Mar 04 2000 - 09:03:15 CST
Today the following was logged:
[**] Tiny Fragments - Possible Hostile Activity [**]
03/03-13:32:20.028959 128.223.83.24 -> 224.2.163.188
UDP TTL:113 TOS:0x0 ID:39530 MF
Frag Offset: 0x0 Frag Size: 0x68
04 16 5D 10 01 54 B1 96 80 00 B3 7F 22 C3 8D B9 ..]..T......"...
F4 99 E2 89 B2 A4 A6 C1 C1 A9 AA C5 A7 9E A4 A6 ................
AA AC AF AC A9 AD AB BA BE A8 AD B0 B8 FE E7 CD ................
B8 DB 4A 68 54 68 39 39 39 29 3F 4E 31 31 37 3B ..JhTh999)?N117;
3D 4A D3 4E 46 CD BA B6 CD BA AF AF 5C 39 FE 3B =J.NF.......\9.;
46 5C 3B 4E 68 3F 4A FE 39 2F 2A 20 27 2F 1E 1D F\;Nh?J.9/* '/..
2A 27 1D 1A 1C 1A 19 22 *'....."
I got 201 packets of Frag Size: 0x68 and 16672 of Frag Size: 0x30
All packets begin with:
04 16 5D 10 01 54 ..]..T
Anybody got a clue what that is?
--
Ralf Hildebrandt <R.Hildebrandttu-bs.de> www.stahl.bau.tu-bs.de/~hildeb
The nice thing about Windows is - It does not just crash, it displays a
dialog box and lets you press 'OK' first.