Security Incidents mailing list archives
Large ICMP Packets with strange payload
From: "Brennan Bakke" <bbakke () solcon nl>
Date: Wed, 9 Jan 2002 12:35:57 +0100
I do not like seeing strings like "arpspoof", "frag/defrag", "stream_reassemble", "portscan", "rpc_decode", and "telnet_decode" in Large ICMP Packets. Is this a Loki style covert communication channel, or just normal traffic?

Can someone *please* help me figure out what is generating these packets (offlist)? The packet dump is included below.

Thank you for your time.

Best regards,
Brennan

//-------------------------------------------------------------//
// SNORT PACKET DUMP
//-------------------------------------------------------------//
[**] [1:499:1] MISC Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
01/09-09:46:33.090000 $HOME_NET -> $DIALUP_ACCOUNT
ICMP TTL:255 TOS:0x0 ID:49021 IpLen:20 DgmLen:28
Type:0 Code:0 ID:19182 Seq:199 ECHO REPLY