Snort mailing list archives
attack hidden in path MTU discovery or snort 1.8.3 log weirdness? MISC Large ICMP Packet
From: Paul Keser <pkeser () mail arc nasa gov>
Date: Mon, 11 Feb 2002 09:18:13 -0800
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sorry for the long post. I wanted to include the strange portion of the payload.

Environment:
Mandrake 8.0 hardened with bastille. masq internal net
Snort Version 1.8.3 (Build 88) with most recent rules as of 01/26/2002
homenet is set to ext addr of firewall with /32 mask

I saw 2 packets in snort. They came up as follows:

[**] [1:499:1] MISC Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
02/08-16:05:06.276877 213.77.140.132 -> mynet.184.141
ICMP TTL:51 TOS:0x0 ID:0 IpLen:20 DgmLen:28 DF
Type:8 Code:0 ID:51090 Seq:706 ECHO
[Xref => http://www.whitehats.com/info/IDS246]

Researching this most of the sightings turned out to be path MTU discovery. Several things make me question this:

1. I didn't connect to a web server at this address (in Poland)
2. the datestamp, I worked from home 2/7/02, was in office 2/8/02
3. payload of the packet contains text from an email received 2/7/02 (that's where log weirdness ?? comes in)

Any suggestions/explanations would be greatly appreciated.

TIA
- -PaulK

- --
Paul D. Keser
Sr. Network Security Engineer
Raytheon, Inc. ITSS
NASA Ames Research Ctr. MS 233-17
Moffett Field, CA 94035-1000

All opinions expressed are my own. Not Raytheon's or NASA's...

I find that good security people are D&D players and tinkerers. -B Schneier
See, I wasn't wasting time playing D&D & working on cars in high school. -Me
- --

Here is the beginning of the payload, the remainder was nulls, both packets were identical:

[**] MISC Large ICMP Packet [**]
02/08-16:05:06.276877 213.77.140.132 -> 64.195.184.141
ICMP TTL:51 TOS:0x0 ID:0 IpLen:20 DgmLen:28 DF
Type:8 Code:0 ID:51090 Seq:706 ECHO
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8Z/zjtxLIMhQSDIERAigHAJ0Wkvt8uZ38mkM2AGV5XMq0pBQvcQCg5T1G
fXIXH7U/Gs7shp3F53pLYEo=
=L0yW
-----END PGP SIGNATURE-----

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
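A consistency check that applies to an alert like the one posted above, as an added example (not part of the original post and not Snort code): compare the payload length implied by the header's IpLen and DgmLen fields with the number of bytes in the logged dump. The alert header is copied from the post; the dump rows, the function names and the verdict strings are constructed for illustration.

```python
import re

ICMP_HEADER_LEN = 8  # type, code, checksum, identifier, sequence number
HEX_BYTE = re.compile(r"^[0-9A-Fa-f]{2}$")

# Alert header as it appears in the post above.
ALERT_HEADER = """\
[**] MISC Large ICMP Packet [**]
02/08-16:05:06.276877 213.77.140.132 -> 64.195.184.141
ICMP TTL:51 TOS:0x0 ID:0 IpLen:20 DgmLen:28 DF
Type:8 Code:0 ID:51090 Seq:706 ECHO
"""

# Constructed stand-in for a logged dump (NOT the bytes from the post).
# Assumed layout: up to 16 hex bytes, then two or more spaces, then ASCII.
SAMPLE_DUMP = """\
41 42 43 44 45 46 47 48 49 4A 4B 4C 4D 4E 4F 50  ABCDEFGHIJKLMNOP
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
51 52 53 54                                      QRST
"""


def parse_alert_header(text):
    """Extract the IP length fields and the protocol from an alert header."""
    fields = {}
    for name in ("IpLen", "DgmLen"):
        match = re.search(r"\b%s:(\d+)" % name, text)
        if match is None:
            raise ValueError("alert header has no %s field" % name)
        fields[name] = int(match.group(1))
    fields["is_icmp"] = re.search(r"^ICMP\b", text, re.MULTILINE) is not None
    return fields


def declared_payload_len(fields):
    """Payload bytes the IP header says follow the ICMP header."""
    if not fields["is_icmp"]:
        raise ValueError("only ICMP alerts are handled in this example")
    length = fields["DgmLen"] - fields["IpLen"] - ICMP_HEADER_LEN
    if length < 0:
        raise ValueError("DgmLen too small for an IP plus ICMP header")
    return length


def dumped_len(dump):
    """Count the bytes in the hex column of a dump, ignoring the ASCII column."""
    total = 0
    for row in dump.splitlines():
        # The hex column ends at the first run of two spaces.
        tokens = row.strip().split("  ", 1)[0].split()
        if not tokens:
            continue
        if len(tokens) > 16 or not all(HEX_BYTE.match(t) for t in tokens):
            raise ValueError("unexpected dump row: %r" % row)
        total += len(tokens)
    return total


def triage(header_text, dump_text):
    """Compare what the header declares with what the logger wrote out."""
    declared = declared_payload_len(parse_alert_header(header_text))
    dumped = dumped_len(dump_text)
    if dumped == declared:
        verdict = "consistent"
    elif dumped > declared:
        # More bytes logged than the datagram can hold according to its
        # own header: header and dump cannot both describe one packet.
        verdict = "dump_exceeds_declared"
    else:
        # Can be benign, e.g. a capture length shorter than the packet.
        verdict = "dump_shorter_than_declared"
    return {"declared": declared, "dumped": dumped, "verdict": verdict}


if __name__ == "__main__":
    print(triage(ALERT_HEADER, SAMPLE_DUMP))
```

For the header in the post, IpLen:20 and DgmLen:28 leave 0 bytes after the 8-byte ICMP header, so any non-empty dump is reported as dump_exceeds_declared. A raw capture taken on the same interface is the way to confirm what was actually on the wire.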