Security Incidents mailing list archives
Re: Suspicious traffic w src & dst port 19161
From: tony sena <tsena69 () gmail com>
Date: 19 May 2005 11:37:20 -0000
In-Reply-To: <4f0e191c05042820586afb229b () mail gmail com>

Hello,

Either of you two get a trace on that traffic? Packet capture or any other details. I have been following the discussion on the ISC Handlers Diary and there haven't been updates by anyone. Just curious, and I wouldn't mind taking a look at that raw datagram.

Sincerely,
Tony

Message-ID: <4f0e191c05042820586afb229b () mail gmail com>
Date: Thu, 28 Apr 2005 22:58:37 -0500
From: Kyle Maxwell <krmaxwell () gmail com>
To: "Fergie (Paul Ferguson)" <fergdawg () netzero net>
Subject: Re: Suspicious traffic w src & dst port 19161
Cc: incidents () securityfocus com

On 4/28/05, Fergie (Paul Ferguson) <fergdawg () netzero net> wrote:
> Any ideas? I can probably get a trace, but I thought I would ask the list first..

A trace would indeed be helpful. There was some discussion of what might be related traffic on the Internet Storm Center last spring; see http://isc.sans.org/diary.php?date=2004-05-18. Additional suggestions were provided in http://isc.sans.org/diary.php?date=2004-06-01 (to change the fragmentation detection settings). I didn't see any more discussion on the ISC, so unless someone else on the list knows more (hopefully!), your captures will probably be a big help.

-- 
Kyle Maxwell [krmaxwell () gmail com]