Snort mailing list archives

Previous By Date Next
Previous By Thread Next

probe packet?

From: Vincent Chen <vctw () yahoo com>
Date: Thu, 14 Feb 2002 18:59:40 -0800 (PST)

Dear all,

I got a lot of the following packet recently. They
seems trying to scan ssh,rpc,printer and created
by the same tool. Any one know which tool created
them?

BTW: Is there a good place to discuss this kind of
clue or attacker's intention?


Thanks,

02/12-00:04:13.867209 61.211.225.15:3952 ->
61.223.0.69:111
TCP TTL:52 TOS:0x0 ID:9599 IpLen:20 DgmLen:60 DF
******S* Seq: 0x91940B3C  Ack: 0x0  Win: 0x7D78 
TcpLen: 40
TCP Options (5) => MSS: 1452 SackOK TS: 60908434 0 NOP
WS: 0 
0x0000: 02 00 00 00 45 00 00 3C 25 7F 40 00 34 06 C4
36  ....E..<%.@.4..6
0x0010: 3D D3 E1 0F 3D DF 00 45 0F 70 00 6F 91 94 0B
3C  =...=..E.p.o...<
0x0020: 00 00 00 00 A0 02 7D 78 59 AD 00 00 02 04 05
AC  ......}xY.......
0x0030: 04 02 08 0A 03 A1 63 92 00 00 00 00 01 03 03
00  ......c.........

__________________________________________________
Do You Yahoo!?
Got something to say? Say it better with Yahoo! Video Mail 
http://mail.yahoo.com

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: