Security Incidents mailing list archives

UDP Attack from port 31320


From: "Mendoza, Luis" <luis.mendoza () ATTLA COM>
Date: Mon, 12 Feb 2001 16:48:43 -0500

Hi,
I received the following traffic from 200.45.28.36 against my network. I
am not sure if this traffic is Trinoo or another DoS program; the port used
is near the Trinoo port (UDP:31335) or the one used by Back Orifice (31337). I think that
it is Back Orifice.
Any information will be welcome.

Regards

Luis Mendoza

Feb 10 13:09:01 200.45.28.36:31340 -> a.b.c.70:31320 UDP
Feb 10 13:09:01 200.45.28.36:31340 -> a.b.c.75:31320 UDP
Feb 10 13:09:01 200.45.28.36:31340 -> a.b.c.80:31320 UDP
Feb 10 13:09:01 200.45.28.36:31340 -> a.b.c.84:31320 UDP
Feb 10 13:09:01 200.45.28.36:31340 -> a.b.c.87:31320 UDP
Feb 10 13:09:01 200.45.28.36:31340 -> a.b.c.93:31320 UDP
Feb 10 13:09:01 200.45.28.36:31340 -> a.b.c.97:31320 UDP
Feb 10 13:09:01 200.45.28.36:31340 -> a.b.c.101:31320 UDP
Feb 10 13:09:01 200.45.28.36:31340 -> a.b.c.103:31320 UDP
Feb 10 13:09:01 200.45.28.36:31340 -> a.b.c.104:31320 UDP
Feb 10 13:09:01 200.45.28.36:31340 -> a.b.c.114:31320 UDP
Feb 10 13:09:01 200.45.28.36:31340 -> a.b.c.118:31320 UDP

Frame 1 (64 on wire, 64 captured)
    Arrival Time: Feb 10, 2001 13:08:59.2000
    Time delta from previous packet: 0.000000 seconds
    Frame Number: 1
    Packet Length: 64 bytes
    Capture Length: 64 bytes

Data (22 bytes)

   0  00e0 b601 3a36 00d0 06d6 9c39 0800 4500   ....:6.....9..E.
  10  0032 a7ac 0000 6f11 2782 c82d 1c24 aabb   .2....o.'..-.$..
  20  ccdd 7a6c 7a58 001e 551d 305e 7031 5e70   .FzlzX..U.0^p1^p
  30  325e 7061 7373 776f 7264 6361 6879 6e61   2^passwordcahyna

Frame 2 (64 on wire, 64 captured)
    Arrival Time: Feb 10, 2001 13:08:59.2047
    Time delta from previous packet: 0.004726 seconds
    Frame Number: 2
    Packet Length: 64 bytes
    Capture Length: 64 bytes

Data (22 bytes)

   0  00e0 b601 3a36 00d0 06d6 9c39 0800 4500   ....:6.....9..E.
  10  0032 a9ac 0000 6f11 257d c82d 1c24 aabb   .2....o.%}.-.$..
  20  bf4b 7a6c 7a58 001e 5518 305e 7031 5e70   .KzlzX..U.0^p1^p
  30  325e 7061 7373 776f 7264 6361 6879 6e61   2^passwordcahyna

Frame 3 (64 on wire, 64 captured)
    Arrival Time: Feb 10, 2001 13:08:59.2273
    Time delta from previous packet: 0.022557 seconds
    Frame Number: 3
    Packet Length: 64 bytes
    Capture Length: 64 bytes

Data (22 bytes)

   0  00e0 b601 3a36 00d0 06d6 9c39 0800 4500   ....:6.....9..E.
  10  0032 abac 0000 6f11 2378 c82d 1c24 aabb   .2....o.#x.-.$..
  20  bf50 7a6c 7a58 001e 5513 305e 7031 5e70   .PzlzX..U.0^p1^p
  30  325e 7061 7373 776f 7264 6361 6879 6e61   2^passwordcahyna

Frame 4 (64 on wire, 64 captured)
    Arrival Time: Feb 10, 2001 13:08:59.2335
    Time delta from previous packet: 0.006264 seconds
    Frame Number: 4
    Packet Length: 64 bytes
    Capture Length: 64 bytes

Data (22 bytes)

   0  00e0 b601 3a36 00d0 06d6 9c39 0800 4500   ....:6.....9..E.
  10  0032 adac 0000 6f11 2174 c82d 1c24 aabb   .2....o.!t.-.$..
  20  bf54 7a6c 7a58 001e 550f 305e 7031 5e70   .TzlzX..U.0^p1^p
  30  325e 7061 7373 776f 7264 6361 6879 6e61   2^passwordcahyna

Frame 5 (64 on wire, 64 captured)
    Arrival Time: Feb 10, 2001 13:08:59.2336
    Time delta from previous packet: 0.000011 seconds
    Frame Number: 5
    Packet Length: 64 bytes
    Capture Length: 64 bytes

Data (22 bytes)

   0  00e0 b601 3a36 00d0 06d6 9c39 0800 4500   ....:6.....9..E.
  10  0032 afac 0000 6f11 1f71 c82d 1c24 aabb   .2....o..q.-.$..
  20  bf57 7a6c 7a58 001e 550c 305e 7031 5e70   .WzlzX..U.0^p1^p
  30  325e 7061 7373 776f 7264 6361 6879 6e61   2^passwordcahyna

Frame 6 (64 on wire, 64 captured)
    Arrival Time: Feb 10, 2001 13:08:59.2413
    Time delta from previous packet: 0.007694 seconds
    Frame Number: 6
    Packet Length: 64 bytes
    Capture Length: 64 bytes

Data (22 bytes)

   0  00e0 b601 3a36 00d0 06d6 9c39 0800 4500   ....:6.....9..E.
  10  0032 b1ac 0000 6f11 1d6b c82d 1c24 aabb   .2....o..k.-.$..
  20  bf5d 7a6c 7a58 001e 5506 305e 7031 5e70   .]zlzX..U.0^p1^p
  30  325e 7061 7373 776f 7264 6361 6879 6e61   2^passwordcahyna

Frame 7 (64 on wire, 64 captured)
    Arrival Time: Feb 10, 2001 13:08:59.2906
    Time delta from previous packet: 0.049300 seconds
    Frame Number: 7
    Packet Length: 64 bytes
    Capture Length: 64 bytes

Data (22 bytes)

   0  00e0 b601 3a36 00d0 06d6 9c39 0800 4500   ....:6.....9..E.
  10  0032 b5ac 0000 6f11 1967 c82d 1c24 aabb   .2....o..g.-.$..
  20  bf61 7a6c 7a58 001e 5502 305e 7031 5e70   .azlzX..U.0^p1^p
  30  325e 7061 7373 776f 7264 6361 6879 6e61   2^passwordcahyna

Frame 8 (64 on wire, 64 captured)
    Arrival Time: Feb 10, 2001 13:08:59.2906
    Time delta from previous packet: 0.000043 seconds
    Frame Number: 8
    Packet Length: 64 bytes
    Capture Length: 64 bytes

Data (22 bytes)

   0  00e0 b601 3a36 00d0 06d6 9c39 0800 4500   ....:6.....9..E.
  10  0032 b7ac 0000 6f11 1763 c82d 1c24 aabb   .2....o..c.-.$..
  20  bf65 7a6c 7a58 001e 54fe 305e 7031 5e70   .ezlzX..T.0^p1^p
  30  325e 7061 7373 776f 7264 6361 6879 6e61   2^passwordcahyna

Frame 9 (64 on wire, 64 captured)
    Arrival Time: Feb 10, 2001 13:08:59.2906
    Time delta from previous packet: 0.000011 seconds
    Frame Number: 9
    Packet Length: 64 bytes
    Capture Length: 64 bytes

Data (22 bytes)

   0  00e0 b601 3a36 00d0 06d6 9c39 0800 4500   ....:6.....9..E.
  10  0032 b8ac 0000 6f11 1661 c82d 1c24 aabb   .2....o..a.-.$..
  20  bf67 7a6c 7a58 001e 54fc 305e 7031 5e70   .gzlzX..T.0^p1^p
  30  325e 7061 7373 776f 7264 6361 6879 6e61   2^passwordcahyna

Frame 10 (64 on wire, 64 captured)
    Arrival Time: Feb 10, 2001 13:08:59.2970
    Time delta from previous packet: 0.006439 seconds
    Frame Number: 10
    Packet Length: 64 bytes
    Capture Length: 64 bytes

Data (22 bytes)

   0  00e0 b601 3a36 00d0 06d6 9c39 0800 4500   ....:6.....9..E.
  10  0032 b9ac 0000 6f11 1560 c82d 1c24 aabb   .2....o..`.-.$..
  20  bf68 7a6c 7a58 001e 54fb 305e 7031 5e70   .hzlzX..T.0^p1^p
  30  325e 7061 7373 776f 7264 6361 6879 6e61   2^passwordcahyna

Frame 11 (64 on wire, 64 captured)
    Arrival Time: Feb 10, 2001 13:08:59.2987
    Time delta from previous packet: 0.001644 seconds
    Frame Number: 11
    Packet Length: 64 bytes
    Capture Length: 64 bytes

Data (22 bytes)

   0  00e0 b601 3a36 00d0 06d6 9c39 0800 4500   ....:6.....9..E.
  10  0032 bdac 0000 6f11 1156 c82d 1c24 aabb   .2....o..V.-.$..
  20  bf72 7a6c 7a58 001e 54f1 305e 7031 5e70   .rzlzX..T.0^p1^p
  30  325e 7061 7373 776f 7264 6361 6879 6e61   2^passwordcahyna

Frame 12 (64 on wire, 64 captured)
    Arrival Time: Feb 10, 2001 13:08:59.3181
    Time delta from previous packet: 0.019431 seconds
    Frame Number: 12
    Packet Length: 64 bytes
    Capture Length: 64 bytes

    Checksum: 0x54ed
Data (22 bytes)

   0  00e0 b601 3a36 00d0 06d6 9c39 0800 4500   ....:6.....9..E.
  10  0032 bfac 0000 6f11 0f52 c82d 1c24 aabb   .2....o..R.-.$..
  20  bf76 7a6c 7a58 001e 54ed 305e 7031 5e70   .vzlzX..T.0^p1^p
  30  325e 7061 7373 776f 7264 6361 6879 6e61   2^passwordcahyna
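
For triage, the header fields and payload of a posted frame can be recovered directly from the hex dump. The following is an added example, not part of the original post; the function names `dump_to_bytes` and `decode_udp_frame` are hypothetical, and the input is Frame 1 as it appears above (the destination address bytes were masked by the poster).

```python
import re
import socket
import struct

# Frame 1 exactly as posted above (destination address masked by the poster).
FRAME_1 = """
   0  00e0 b601 3a36 00d0 06d6 9c39 0800 4500   ....:6.....9..E.
  10  0032 a7ac 0000 6f11 2782 c82d 1c24 aabb   .2....o.'..-.$..
  20  ccdd 7a6c 7a58 001e 551d 305e 7031 5e70   .FzlzX..U.0^p1^p
  30  325e 7061 7373 776f 7264 6361 6879 6e61   2^passwordcahyna
"""

def dump_to_bytes(dump):
    """Turn 'offset  hex groups   ascii' dump lines back into raw bytes."""
    out = bytearray()
    for line in dump.strip().splitlines():
        # Columns are separated by two or more spaces; column 1 is the hex.
        parts = re.split(r"\s{2,}", line.strip())
        out += bytes.fromhex(parts[1].replace(" ", ""))
    return bytes(out)

def decode_udp_frame(frame):
    """Decode Ethernet II / IPv4 / UDP and return the fields used for triage."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                  # IP header length in bytes
    (total_len,) = struct.unpack("!H", ip[2:4])
    ttl, proto = ip[8], ip[9]
    if proto != 17:
        raise ValueError("not UDP")
    udp = ip[ihl:total_len]                   # drop any link-layer padding
    sport, dport, udp_len, _csum = struct.unpack("!HHHH", udp[:8])
    payload = udp[8:udp_len]
    return {
        "src": socket.inet_ntoa(ip[12:16]),
        "ttl": ttl,
        "sport": sport,
        "dport": dport,
        "udp_len": udp_len,
        "payload": payload,
        "payload_text": payload.decode("ascii", "replace"),
    }

if __name__ == "__main__":
    for key, value in decode_udp_frame(dump_to_bytes(FRAME_1)).items():
        print(f"{key:13} {value}")
```

The decoded source port (31340), destination port (31320) and 22-byte payload length agree with the log lines and the "Data (22 bytes)" headers in the post.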

