Security Incidents mailing list archives
Possible attemt at hacking?
From: geir () MAIL WSU EDU (Geir A. Bjune)
Date: Tue, 25 Jan 2000 21:51:25 -0800
I'm not 100% sure what the following is, but I keep getting illegal datagrams from certain machines throught NT's Rdr service (smb I assume) The following message shows up in the message log: The browser has received an illegal datagram from the remote computer <remote> to name <mymachinename> on transport Nwlnk. The data is the datagram Data is as follows: 0000: 00 00 3e 00 04 00 86 00 ..>...?. 0008: 00 00 00 00 46 1f 00 80 ....F..? 0010: 00 00 00 00 d0 00 00 c0 ....Ð..À 0018: 04 00 00 00 00 00 00 00 ........ 0020: 00 00 00 00 00 00 00 00 ........ 0028: ff 00 b1 53 4d 42 25 00 ÿ.±SMB%. 0030: 00 00 00 00 00 00 00 00 ........ 0038: 00 00 00 00 00 00 00 00 ........ 0040: 00 00 00 00 00 00 00 00 ........ 0048: 00 00 11 00 00 2f 00 00 ...../.. 0050: 00 00 00 00 00 00 00 00 ........ 0058: 00 00 00 00 00 00 00 00 ........ 0060: 00 2f 00 56 00 03 ./.V.. I would very much like to know if this is someone trying to break down my NT 4,0 machine (Windows NT 4.0 workstation, SP 6a) Any information appreciated. Thanks, Geir
Current thread:
- Anti-Death Penalty, (continued)
- Anti-Death Penalty Robert Graham (Jan 26)
- Re: Anti-Death Penalty Derek Moeller (Jan 28)
- Re: Anti-Death Penalty Robert Graham (Jan 28)
- BOGUS.IvCD File Jonathan A. Zdziarski (Jan 26)
- Re: BOGUS.IvCD File Vanja Hrustic (Jan 27)
- Re: PC Anywhere client seems to probe class C of connected networks Robert Graham (Jan 26)
- Probes to tcp 2766 ('System V Listner') Russell Fulton (Jan 26)
- Re: No Idea Paul L Schmehl (Jan 25)
- Re: No Idea Robert Graham (Jan 25)
- Possible Probe = Possible Malfunction Ron Gula (Jan 25)
- Possible attemt at hacking? Geir A. Bjune (Jan 25)
- Re: Possible attemt at hacking? Brendan Grieve (Jan 27)
- Re: ? Adam Boileau (Jan 25)
- Korea (was RE: ?) Fernando Cardoso (Jan 26)
- Strange DNS/TCP activity Pavel Kankovsky (Jan 26)
- Re: Strange DNS/TCP activity Asmodeus (Jan 27)
- Re: Strange DNS/TCP activity Roy Pait (Jan 27)
- port 768 Guido A.J. Stevens (Jan 27)
- Re: port 768 Robert Graham (Jan 27)
- Re: Strange DNS/TCP activity technot (Jan 27)
- Re: Strange DNS/TCP activity Richard Bejtlich (Jan 27)