Full Disclosure mailing list archives
Positive Technologies DCOM Buffer Overflow2 Signatures/Packets
From: "Eric Hines" <loki () fatelabs com>
Date: Thu, 11 Sep 2003 15:43:24 -0500
All:

Here are packets from the PT scanner for the DCOM buffer overflow for those of you wanting to create some signatures for it. I've provided a few signature attempts herein as well. Any feedback or suggestions on my signatures are appreciated.

alert tcp $EXTERNAL_NET any -> $HOME_NET 135 (msg:"RPC/DCOM Exploit Attempt (MS03-039) - PTScanner Tool"; content:"|46 EA 21 6B 9F 25 0D 79 18 50 18|"; flow:to_server,established; classtype:bad-unknown; reference:url,www.appliedwatch.com; sid:2000000; rev:1;)

alert tcp $EXTERNAL_NET any -> $HOME_NET 135 (msg:"RPC/DCOM Exploit Attempt (MS03-039) - PTScanner Tool"; content:"|5C 00 70 00 75 00 62 00 6C 00 69 00 63 00 5C 00|"; flow:to_server,established; classtype:bad-unknown; reference:url,www.appliedwatch.com; sid:2000001; rev:1;)

alert tcp $EXTERNAL_NET any -> $HOME_NET 135 (msg:"RPC/DCOM Exploit Attempt (MS03-039) - PTScanner Tool"; content:"|61 00 64 00 65 00 76 00 5F 00 78 00 00 00 36 00|"; flow:to_server,established; classtype:bad-unknown; reference:url,www.appliedwatch.com; sid:2000002; rev:1;)
Regards,

Eric Hines
CEO, Chairman
===============================================
Eric Hines
CEO, Chairman
Applied Watch Technologies, Inc.
eric.hines () appliedwatch com
-----------------------------------------------
Corporate Headquarters
1650 Carlemont Dr. Suite D
Crystal Lake, IL. 60014
-----------------------------------------------
Direct Toll Free: (877) 262-7593 (x327)
Fax: (815) 425-2173
-----------------------------------------------
Main Switchboard: (877) 262-7593 (9am-5pm CST)
Commercial Sales: (877) 262-7593 (opt1)
Government Sales: (877) 262-7593 (opt2)
===============================================

-----Original Message-----
From: Alexander Antipov [mailto:antipov () algo ru]
Sent: Thursday, September 11, 2003 3:21 AM
To: 'full-disclosure () lists netsys com'
Subject: [Full-disclosure] PTms03039.zip

Hi!

PTms03039.zip is a utility for checking whether a Windows machine is vulnerable to the RPC DCOM #2 (MS03-039).

The tool can be downloaded here: http://www.securitylab.ru/?ID=40170 (in Russian!)

---------------------------
Positive Technologies (http://www.ptsecurity.com) is an information security company. We are especially focused on protection of corporate networks from external attacks.
--------------------------
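Added example, not part of the original message or the author's tooling: a check of where the `content` patterns of sid 2000001 and 2000002 from the message above fall in the posted request, and what text they decode to. The four dump rows are copied from the message's Snort hex dump; the function names are hypothetical.

```python
import re

# content fields of sid 2000001 and 2000002, as given in the message
RULES = {
    2000001: 'content:"|5C 00 70 00 75 00 62 00 6C 00 69 00 63 00 5C 00|";',
    2000002: 'content:"|61 00 64 00 65 00 76 00 5F 00 78 00 00 00 36 00|";',
}

# Four rows copied from the posted hex dump of the request to port 135
DUMP = r"""
0x0330: 1B 00 00 00 5C 00 5C 00 00 00 5C 00 6A 00 69 00  ....\.\...\.j.i.
0x0340: 61 00 64 00 65 00 76 00 5F 00 78 00 00 00 36 00  a.d.e.v._.x...6.
0x0350: 5C 00 70 00 75 00 62 00 6C 00 69 00 63 00 5C 00  \.p.u.b.l.i.c.\.
0x0360: 41 00 41 00 41 00 41 00 00 00 00 00 01 00 15 00  A.A.A.A.........
"""

# Offset, then at most 16 hex byte tokens; the ASCII column is never consumed.
ROW = re.compile(r"^0x([0-9A-Fa-f]{4}): ((?:[0-9A-Fa-f]{2} ){1,16})", re.M)


def rule_content(rule):
    """Decode a Snort content string: |..| spans are hex, the rest is literal."""
    body = re.search(r'content:"([^"]*)"', rule).group(1)
    out = bytearray()
    for i, part in enumerate(body.split("|")):
        out += bytes.fromhex(part) if i % 2 else part.encode("latin-1")
    return bytes(out)


def dump_bytes(dump):
    """Return (first offset, bytes) from contiguous Snort-style dump rows."""
    rows = [(int(off, 16), bytes.fromhex(hx)) for off, hx in ROW.findall(dump)]
    base, buf = rows[0][0], bytearray()
    for off, data in rows:
        if off != base + len(buf):
            raise ValueError(f"gap in dump at 0x{off:04X}")
        buf += data
    return base, bytes(buf)


def locate(rules=RULES, dump=DUMP):
    """Map sid -> (offset as printed in the dump, UTF-16LE text) or None."""
    base, data = dump_bytes(dump)
    hits = {}
    for sid, rule in rules.items():
        pat = rule_content(rule)
        pos = data.find(pat)
        hits[sid] = None if pos < 0 else (base + pos, pat.decode("utf-16-le"))
    return hits


if __name__ == "__main__":
    for sid, hit in locate().items():
        print(sid, "no match" if hit is None else f"0x{hit[0]:04X} {hit[1]!r}")
```

Decoded, sid 2000001 keys on the UTF-16LE path component `\public\`, and sid 2000002 on the name fragment immediately before it in the same path, including the embedded null character.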