Security Incidents mailing list archives
Re: Possible attemt at hacking?
From: brendan () AUSTCO COM AU (Brendan Grieve)
Date: Fri, 28 Jan 2000 10:05:23 +0800
I used to get this all the time, ESPECIALLY on my Small Business NT boxes, and from specific clients. Frame type was correct, and it drove me nuts... Eventually I just replaced the network cards in those, and it disappeared (and found out the cards that were in those machines were extremely cheap and nasty ones).

Cheers...

Brendan Grieve, Administrator

- I hear if you play the NT CD backwards, you can hear satanic messages?
- That's NOTHING. If you play it forwards, it installs NT 4.0.

----- Original Message -----
From: Geir A. Bjune <geir () MAIL WSU EDU>
To: <INCIDENTS () SECURITYFOCUS COM>
Sent: Wednesday, January 26, 2000 1:51 PM
Subject: Possible attemt at hacking?

I'm not 100% sure what the following is, but I keep getting illegal datagrams from certain machines through NT's Rdr service (smb I assume).

The following message shows up in the message log:

The browser has received an illegal datagram from the remote computer <remote> to name <mymachinename> on transport Nwlnk. The data is the datagram

Data is as follows:

    0000: 00 00 3e 00 04 00 86 00 ..>...?.
    0008: 00 00 00 00 46 1f 00 80 ....F..?
    0010: 00 00 00 00 d0 00 00 c0 ....Ð..À
    0018: 04 00 00 00 00 00 00 00 ........
    0020: 00 00 00 00 00 00 00 00 ........
    0028: ff 00 b1 53 4d 42 25 00 ÿ.±SMB%.
    0030: 00 00 00 00 00 00 00 00 ........
    0038: 00 00 00 00 00 00 00 00 ........
    0040: 00 00 00 00 00 00 00 00 ........
    0048: 00 00 11 00 00 2f 00 00 ...../..
    0050: 00 00 00 00 00 00 00 00 ........
    0058: 00 00 00 00 00 00 00 00 ........
    0060: 00 2f 00 56 00 03 ./.V..

I would very much like to know if this is someone trying to break down my NT 4.0 machine (Windows NT 4.0 workstation, SP 6a).

Any information appreciated.

Thanks,
Geir
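Added example, not part of either post: a small triage helper that rebuilds the raw bytes from an event-log hex dump like the one quoted above and reports where the ASCII string "SMB" sits, whether the byte directly before it is the 0xFF that begins a standard SMB header, and the command byte that follows. The function names are hypothetical, and the input is the hex column from the quoted dump with the ASCII column dropped.

```python
import re

# Hex column of the dump quoted in the original message (ASCII column dropped).
DUMP = """\
0000: 00 00 3e 00 04 00 86 00
0008: 00 00 00 00 46 1f 00 80
0010: 00 00 00 00 d0 00 00 c0
0018: 04 00 00 00 00 00 00 00
0020: 00 00 00 00 00 00 00 00
0028: ff 00 b1 53 4d 42 25 00
0030: 00 00 00 00 00 00 00 00
0038: 00 00 00 00 00 00 00 00
0040: 00 00 00 00 00 00 00 00
0048: 00 00 11 00 00 2f 00 00
0050: 00 00 00 00 00 00 00 00
0058: 00 00 00 00 00 00 00 00
0060: 00 2f 00 56 00 03
"""

LINE = re.compile(r"\s*([0-9a-fA-F]{4}):((?:\s+[0-9a-fA-F]{2}){1,8})")

def parse_dump(text):
    """Rebuild bytes from 'OFFSET: xx xx ...' lines; reject gaps or reordering."""
    data = bytearray()
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip surrounding prose or blank lines
        offset = int(m.group(1), 16)
        if offset != len(data):
            raise ValueError(f"offset {offset:#06x} does not follow {len(data):#06x}")
        data += bytes.fromhex("".join(m.group(2).split()))
    return bytes(data)

def locate_smb(data):
    """Report where 'SMB' appears and the bytes immediately around it."""
    idx = data.find(b"SMB")
    if idx < 0:
        return None
    return {
        "offset": idx,
        "ff_precedes": idx >= 1 and data[idx - 1] == 0xFF,
        "command": data[idx + 3] if idx + 3 < len(data) else None,
    }

if __name__ == "__main__":
    raw = parse_dump(DUMP)
    print(len(raw), locate_smb(raw))
```
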