Snort mailing list archives
Strange 135 packets
From: "Marc Quibell" <mquibell () fbfs com>
Date: Wed, 13 Aug 2003 10:28:48 -0500
Not exactly the proper forum, but I consider the experiences here to be most bountiful! While watching for msblaster infections, I've been tcpdump'ing for 135 packets. On a few Win98 machines, I get a few TCP 135 connection attempts to the 0/8 network, example:

13:35:28.053338 0:e0:f7:7a:c9:80 0:2:b3:90:65:e2 ip 62: [source IP].1235 > 0.33.172.101.135: S [tcp sum ok] 11647891:11647891(0) win 8192 <mss 1460,nop,nop,sackOK> (DF) (ttl 126, id 34570, len 48)

These packets are retrans'ed in doubled intervals. Naturally, they do not make it anywhere. Has anyone else seen this?

TIA!
Marc
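An added example, not part of the original post: a small filter over tcpdump text in the layout quoted above that picks out SYNs to TCP/135 with a destination in 0.0.0.0/8 and checks whether the retransmit gaps double. The capture lines are constructed, and 192.0.2.10 and 10.1.2.3 are placeholder addresses standing in for the redacted source and an ordinary internal host.

```python
import ipaddress
import re
from collections import defaultdict

# Layout of the tcpdump line quoted in the post (link-level header included).
LINE_RE = re.compile(
    r"^(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d\.\d+) .*? "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): "
    r"(?P<flags>\S+) .*?(?P<seq>\d+):\d+\(\d+\)"
)
THIS_NETWORK = ipaddress.ip_network("0.0.0.0/8")

# Constructed sample capture (placeholder addresses, made-up retransmit times).
SAMPLE = """\
13:35:28.053338 0:e0:f7:7a:c9:80 0:2:b3:90:65:e2 ip 62: 192.0.2.10.1235 > 0.33.172.101.135: S [tcp sum ok] 11647891:11647891(0) win 8192 <mss 1460,nop,nop,sackOK> (DF) (ttl 126, id 34570, len 48)
13:35:31.061102 0:e0:f7:7a:c9:80 0:2:b3:90:65:e2 ip 62: 192.0.2.10.1235 > 0.33.172.101.135: S [tcp sum ok] 11647891:11647891(0) win 8192 <mss 1460,nop,nop,sackOK> (DF) (ttl 126, id 34826, len 48)
13:35:37.069877 0:e0:f7:7a:c9:80 0:2:b3:90:65:e2 ip 62: 192.0.2.10.1235 > 0.33.172.101.135: S [tcp sum ok] 11647891:11647891(0) win 8192 <mss 1460,nop,nop,sackOK> (DF) (ttl 126, id 35082, len 48)
13:35:40.000120 0:e0:f7:7a:c9:80 0:2:b3:90:65:e2 ip 62: 192.0.2.10.1236 > 10.1.2.3.135: S [tcp sum ok] 11650001:11650001(0) win 8192 <mss 1460,nop,nop,sackOK> (DF) (ttl 126, id 35338, len 48)
""".splitlines()

def stray_135_syns(lines):
    """Group SYNs to TCP/135 in 0.0.0.0/8 as (src, dst, seq) -> [seconds of day]."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["flags"] != "S" or m["dport"] != "135":
            continue  # not a SYN to port 135, or not in the expected layout
        if ipaddress.ip_address(m["dst"]) not in THIS_NETWORK:
            continue  # ordinary destination, not the 0/8 case from the post
        t = int(m["h"]) * 3600 + int(m["m"]) * 60 + float(m["s"])
        hits[(m["src"], m["dst"], int(m["seq"]))].append(t)
    return dict(hits)

def backoff_doubles(times, tolerance=0.25):
    """True if every retransmit gap is about twice the one before it."""
    gaps = [b - a for a, b in zip(times, times[1:])]
    if len(gaps) < 2:
        return False  # need at least two gaps to compare
    return all(g1 > 0 and abs(g2 / g1 - 2) <= tolerance
               for g1, g2 in zip(gaps, gaps[1:]))

if __name__ == "__main__":
    for key, times in stray_135_syns(SAMPLE).items():
        print(key, len(times), "SYNs, doubling backoff:", backoff_doubles(times))
```

Grouping on the sequence number keeps retransmits of one connection attempt together, so separate attempts from the same host are not mistaken for a backoff series.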
Current thread:
- Strange 135 packets Marc Quibell (Aug 13)
- <Possible follow-ups>
- re: strange 135 packets Kevin Binsfield (Aug 13)