Security Incidents mailing list archives
Re: Possible attemt at hacking?
From: Dante () WEBCTI COM (Dante Mercurio)
Date: Wed, 26 Jan 2000 15:40:18 -0500
This is not likely to be an attack since it is occurring over IPX/SPX (Nwlnk transport). Most likely it is a system with an incorrect frame type on your network. You might want to run a sniffer program to determine the culprits. If you know who they are, check the frame type, and the IPX/SPX network number, and make sure they are correct. --Dante -----Original Message----- From: Geir A. Bjune [mailto:geir () MAIL WSU EDU] Sent: Wednesday, January 26, 2000 12:51 AM To: INCIDENTS () SECURITYFOCUS COM Subject: Possible attemt at hacking? I'm not 100% sure what the following is, but I keep getting illegal datagrams from certain machines throught NT's Rdr service (smb I assume) The following message shows up in the message log: The browser has received an illegal datagram from the remote computer <remote> to name <mymachinename> on transport Nwlnk. The data is the datagram Data is as follows: 0000: 00 00 3e 00 04 00 86 00 ..>...?. 0008: 00 00 00 00 46 1f 00 80 ....F..? 0010: 00 00 00 00 d0 00 00 c0 ....Ð..À 0018: 04 00 00 00 00 00 00 00 ........ 0020: 00 00 00 00 00 00 00 00 ........ 0028: ff 00 b1 53 4d 42 25 00 ÿ.±SMB%. 0030: 00 00 00 00 00 00 00 00 ........ 0038: 00 00 00 00 00 00 00 00 ........ 0040: 00 00 00 00 00 00 00 00 ........ 0048: 00 00 11 00 00 2f 00 00 ...../.. 0050: 00 00 00 00 00 00 00 00 ........ 0058: 00 00 00 00 00 00 00 00 ........ 0060: 00 2f 00 56 00 03 ./.V.. I would very much like to know if this is someone trying to break down my NT 4,0 machine (Windows NT 4.0 workstation, SP 6a) Any information appreciated. Thanks, Geir
Current thread:
- Re: Possible attemt at hacking? Dante Mercurio (Jan 26)