Snort mailing list archives
Current Attack...
From: "Vadim Pushkin" <wiskbroom () hotmail com>
Date: Tue, 07 May 2002 14:17:47 +0000
Greets,

I am receiving a lot of complaints recently from one of my sensors. However, when I view the payload, using ACID, I get a different IP address from the one that shows up as the source IP.

Also, what would cause MySQL to barf at an attempt to enter this data into itself?

Thanks,
Vadim

My Pay_Load:

#(2 - 35923) [2002-05-07 08:59:12] ICMP Destination Unreachable (Fragmentation Needed and DF bit was set)
IPv4: 163.13.1.11 -> xxx.yyy.zzz.111 (I changed this on purpose)
      hlen=5 TOS=0 dlen=56 ID=10053 flags=0 offset=0 TTL=46 chksum=31997
ICMP: type=Destination Unreachable code=Fragmentation Needed/DF set
      checksum=41848 id= seq=
Payload: length = 32
000 : 00 00 05 D4 45 00 05 DC 27 45 40 00 F0 06 75 38   ....E...'E@...u8
010 : 3F 42 05 29 A3 0D 01 26 F0 D2 00 19 81 C4 E0 FE   ?B.)...&........

FROM_SENSOR:

May 7 05:52:37 obsd snort: database: mysql_error: Duplicate entry '2-35923' for key 1 SQL=INSERT INTO event (sid,cid,signature,timestamp) VALUES ('2', '35923', '34', '2002-05-07 05:52:37+00')
May 7 05:52:37 obsd snort: database: mysql_error: Duplicate entry '2-35923' for key 1 SQL=INSERT INTO event (sid,cid,signature,timestamp) VALUES ('2', '35923', '34', '2002-05-07 05:52:37+00')
May 7 05:52:37 obsd snort: database: mysql_error: Duplicate entry '2-35923' for key 1 SQL=INSERT INTO icmphdr (sid, cid, icmp_type, icmp_code, icmp_csum) VALUES ('2','35923','3','4','41848')
May 7 05:52:37 obsd snort: database: mysql_error: Duplicate entry '2-35923' for key 1 SQL=INSERT INTO icmphdr (sid, cid, icmp_type, icmp_code, icmp_csum) VALUES ('2','35923','3','4','41848')
May 7 05:52:37 obsd snort: database: mysql_error: Duplicate entry '2-35923' for key 1 SQL=INSERT INTO iphdr (sid, cid, ip_src, ip_dst, ip_ver,ip_hlen, ip_tos, ip_len, ip_id, ip_flags, ip_off,ip_ttl, ip_proto, ip_csum) VALUES ('2','35923','2735538443','1061291305','4','5','0','56','10056','0','0','46','1','31994')
May 7 05:52:37 obsd snort: database: mysql_error: Duplicate entry '2-35923' for key 1 SQL=INSERT INTO iphdr (sid, cid, ip_src, ip_dst, ip_ver,ip_hlen, ip_tos, ip_len, ip_id, ip_flags, ip_off,ip_ttl, ip_proto, ip_csum) VALUES ('2','35923','2735538443','1061291305','4','5','0','56','10056','0','0','46','1','31994')
May 7 05:52:37 obsd snort: database: mysql_error: Duplicate entry '2-35923' for key 1 SQL=INSERT INTO data (sid,cid,data_payload) VALUES ('2','35923','000005D4450005DC27484000F00675353F420529A30D0126F0D2001981C4E0FE')
May 7 05:52:37 obsd snort: database: mysql_error: Duplicate entry '2-35923' for key 1 SQL=INSERT INTO data (sid,cid,data_payload) VALUES ('2','35923','000005D4450005DC27484000F00675353F420529A30D0126F0D2001981C4E0FE')
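Added example, not part of the original post: the body of an ICMP "Fragmentation Needed" message carries the next-hop MTU followed by the IP header and first 8 bytes of the packet that triggered the error (RFC 792 / RFC 1191), so the addresses inside the payload belong to that original packet rather than to the ICMP sender. The Python below decodes the ACID dump from the post and converts the integer ip_src/ip_dst values from the logged INSERT; the function names are illustrative.

```python
import ipaddress
import struct

# Payload bytes copied from the ACID dump in the post: the ICMP message body
# that follows the 4-byte type/code/checksum header.
ACID_PAYLOAD_HEX = (
    "000005D4450005DC27454000F0067538"
    "3F420529A30D0126F0D2001981C4E0FE"
)


def decode_frag_needed(payload: bytes) -> dict:
    """Decode the body of an ICMP type 3 / code 4 message."""
    if len(payload) < 4 + 20:
        raise ValueError("too short to hold an embedded IPv4 header")
    # RFC 1191 layout: 16 unused bits, then the 16-bit next-hop MTU.
    _unused, next_hop_mtu = struct.unpack("!HH", payload[:4])
    inner = payload[4:]  # header of the packet that could not be forwarded
    if inner[0] >> 4 != 4:
        raise ValueError("embedded packet is not IPv4")
    ihl = (inner[0] & 0x0F) * 4
    if ihl < 20 or len(inner) < ihl:
        raise ValueError("embedded IPv4 header truncated")
    total_len, _ident, flags_off, _ttl, proto = struct.unpack("!HHHBB", inner[2:10])
    result = {
        "next_hop_mtu": next_hop_mtu,
        "orig_src": str(ipaddress.IPv4Address(inner[12:16])),
        "orig_dst": str(ipaddress.IPv4Address(inner[16:20])),
        "orig_total_len": total_len,
        "orig_df": bool(flags_off & 0x4000),
        "orig_proto": proto,
    }
    l4 = inner[ihl:]  # first bytes of the original transport header
    if proto in (6, 17) and len(l4) >= 4:
        result["orig_sport"], result["orig_dport"] = struct.unpack("!HH", l4[:4])
    return result


def dotted(n: int) -> str:
    """Convert the unsigned 32-bit ip_src/ip_dst column value to dotted quad."""
    return str(ipaddress.IPv4Address(n))


if __name__ == "__main__":
    for key, value in decode_frag_needed(bytes.fromhex(ACID_PAYLOAD_HEX)).items():
        print(f"{key:15} {value}")
    print("iphdr.ip_src   ", dotted(2735538443))
    print("iphdr.ip_dst   ", dotted(1061291305))
```

The embedded source address matches the ip_dst of the ICMP message itself, which is the expected pattern for an error returned to the original sender.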