Snort mailing list archives
probe packet?
From: Vincent Chen <vctw () yahoo com>
Date: Thu, 14 Feb 2002 18:59:40 -0800 (PST)
Dear all, I got a lot of the following packet recently. They seems trying to scan ssh,rpc,printer and created by the same tool. Any one know which tool created them? BTW: Is there a good place to discuss this kind of clue or attacker's intention? Thanks, 02/12-00:04:13.867209 61.211.225.15:3952 -> 61.223.0.69:111 TCP TTL:52 TOS:0x0 ID:9599 IpLen:20 DgmLen:60 DF ******S* Seq: 0x91940B3C Ack: 0x0 Win: 0x7D78 TcpLen: 40 TCP Options (5) => MSS: 1452 SackOK TS: 60908434 0 NOP WS: 0 0x0000: 02 00 00 00 45 00 00 3C 25 7F 40 00 34 06 C4 36 ....E..<%.@.4..6 0x0010: 3D D3 E1 0F 3D DF 00 45 0F 70 00 6F 91 94 0B 3C =...=..E.p.o...< 0x0020: 00 00 00 00 A0 02 7D 78 59 AD 00 00 02 04 05 AC ......}xY....... 0x0030: 04 02 08 0A 03 A1 63 92 00 00 00 00 01 03 03 00 ......c......... __________________________________________________ Do You Yahoo!? Got something to say? Say it better with Yahoo! Video Mail http://mail.yahoo.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- probe packet? Vincent Chen (Feb 14)