Snort mailing list archives

Strange Traffic to 10.0.1.128


From: "Dusty Hall" <halljer () auburn edu>
Date: Wed, 25 Feb 2004 14:30:54 -0600

I'm seeing the following traffic from dozens of computers on our campus.  I'm not sure what to make of it.  Any thoughts?


-Dusty


*--------
14:20:01.731500 xxx.xxx.xxx.xxx.3139 > 10.0.1.128.36278: S 948466268:948466268(0) win 16384 <mss 1456,nop,nop,sackOK> (DF)
0x0000   4500 0030 0ee5 4000 8006 8d11 xxxx xxxx        E..0..@.........
0x0010   0a00 0180 0c43 8db6 3888 725c 0000 0000        .....C..8.r\....
0x0020   7002 4000 9f73 0000 0204 05b0 0101 0402        p.@..s..........
14:20:01.749327 xxx.xxx.xxx.xxx.3126 > 10.0.1.128.36278: S 944670114:944670114(0) win 16384 <mss 1456,nop,nop,sackOK> (DF)
0x0000   4500 0030 0ee6 4000 8006 8d10 xxxx xxxx        E..0..@.........
0x0010   0a00 0180 0c36 8db6 384e 85a2 0000 0000        .....6..8N......
0x0020   7002 4000 8c74 0000 0204 05b0 0101 0402        p.@..t..........
14:20:02.051142 xxx.xxx.xxx.xxx.3136 > 10.0.1.128.36278: S 947371790:947371790(0) win 16384 <mss 1456,nop,nop,sackOK> (DF)
0x0000   4500 0030 0ef0 4000 8006 8d06 xxxx xxxx        E..0..@.........
0x0010   0a00 0180 0c40 8db6 3877 bf0e 0000 0000        .....@..8w......
0x0020   7002 4000 52d5 0000 0204 05b0 0101 0402        p.@.R...........
14:20:02.151663 xxx.xxx.xxx.xxx.3137 > 10.0.1.128.36278: S 947438139:947438139(0) win 16384 <mss 1456,nop,nop,sackOK> (DF)
0x0000   4500 0030 0ef4 4000 8006 8d02 xxxx xxxx        E..0..@.........
0x0010   0a00 0180 0c41 8db6 3878 c23b 0000 0000        .....A..8x.;....
0x0020   7002 4000 4fa6 0000 0204 05b0 0101 0402        p.@.O...........
14:20:02.554036 xxx.xxx.xxx.xxx.3127 > 10.0.1.128.36278: S 945134256:945134256(0) win 16384 <mss 1456,nop,nop,sackOK> (DF)
0x0000   4500 0030 0eff 4000 8006 8cf7 xxxx xxxx        E..0..@.........
0x0010   0a00 0180 0c37 8db6 3855 9ab0 0000 0000        .....7..8U......
0x0020   7002 4000 775e 0000 0204 05b0 0101 0402        p.@.w^..........
14:20:03.020634 xxx.xxx.xxx.xxx.3140 > 10.0.1.128.36278: S 948834934:948834934(0) win 16384 <mss 1456,nop,nop,sackOK> (DF)
0x0000   4500 0030 0f0d 4000 8006 8ce9 xxxx xxxx        E..0..@.........
0x0010   0a00 0180 0c44 8db6 388e 1276 0000 0000        .....D..8..v....
0x0020   7002 4000 ff52 0000 0204 05b0 0101 0402        p.@..R..........
14:20:03.139266 xxx.xxx.xxx.xxx.3142 > 10.0.1.128.36278: S 948970852:948970852(0) win 16384 <mss 1456,nop,nop,sackOK> (DF)
0x0000   4500 0030 0f10 4000 8006 8ce6 xxxx xxxx        E..0..@.........
0x0010   0a00 0180 0c46 8db6 3890 2564 0000 0000        .....F..8.%d....
0x0020   7002 4000 ec60 0000 0204 05b0 0101 0402        p.@..`..........
14:20:03.157586 xxx.xxx.xxx.xxx.3138 > 10.0.1.128.36278: S 947825858:947825858(0) win 16384 <mss 1456,nop,nop,sackOK> (DF)
0x0000   4500 0030 0f11 4000 8006 8ce5 xxxx xxxx        E..0..@.........
0x0010   0a00 0180 0c42 8db6 387e acc2 0000 0000        .....B..8~......
0x0020   7002 4000 6518 0000 0204 05b0 0101 0402        p.@.e...........
14:20:03.389056 xxx.xxx.xxx.xxx.3143 > 10.0.1.128.36278: S 949143173:949143173(0) win 16384 <mss 1456,nop,nop,sackOK> (DF)
0x0000   4500 0030 0f17 4000 8006 8cdf xxxx xxxx        E..0..@.........
0x0010   0a00 0180 0c47 8db6 3892 c685 0000 0000        .....G..8.......
0x0020   7002 4000 4b3c 0000 0204 05b0 0101 0402        p.@.K<..........
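
Added example, not part of the original post: a small decoder that turns the hex rows of a capture like the one above back into named IPv4/TCP fields, so the summary line can be checked against the raw bytes even where the source address was masked. The function names are hypothetical, and it assumes `tcpdump -x` style rows that start at the IP header (no link-layer bytes).

```python
import re

# Constructed input: hex rows of the first packet in the post (source masked as xxxx).
SAMPLE = r"""
0x0000   4500 0030 0ee5 4000 8006 8d11 xxxx xxxx        E..0..@.........
0x0010   0a00 0180 0c43 8db6 3888 725c 0000 0000        .....C..8.r\....
0x0020   7002 4000 9f73 0000 0204 05b0 0101 0402        p.@..s..........
"""

ROW = re.compile(r"^0x[0-9a-f]{4}\s+((?:[0-9a-fx]{4} ?){1,8})")

def hex_rows(text):
    """Join the hex columns of the rows; offsets and the ASCII column are dropped."""
    rows = (ROW.match(line.strip()) for line in text.splitlines())
    return "".join(m.group(1).replace(" ", "") for m in rows if m)

def field(h, off, size):
    """Integer at byte offset off, or None when the bytes are masked or missing."""
    chunk = h[2 * off:2 * (off + size)]
    return None if len(chunk) < 2 * size or "x" in chunk else int(chunk, 16)

def dotted(h, off):
    octets = [field(h, off + i, 1) for i in range(4)]
    return None if None in octets else ".".join(map(str, octets))

def tcp_options(h, start, end):
    """Walk the kind/length/value option list between two byte offsets."""
    opts, i = [], start
    while i < end and field(h, i, 1) != 0:          # kind 0 ends the list
        kind = field(h, i, 1)
        length = 1 if kind == 1 else (field(h, i + 1, 1) or 0)  # nop is one byte
        if kind is None or (kind != 1 and length < 2) or i + length > end:
            break                                   # masked or malformed option
        value = field(h, i + 2, length - 2) if length > 2 else None
        name = {1: "nop", 2: "mss", 4: "sackOK"}.get(kind, f"kind{kind}")
        opts.append(name if value is None else f"{name} {value}")
        i += length
    return opts

def decode(text):
    """Decode one IPv4/TCP packet from hex rows into named fields."""
    h = hex_rows(text)
    t = (field(h, 0, 1) & 0x0F) * 4                 # IHL: TCP header starts here
    return {
        "src": dotted(h, 12), "dst": dotted(h, 16), "ttl": field(h, 8, 1),
        "df": bool(field(h, 6, 2) & 0x4000), "syn_only": field(h, t + 13, 1) == 0x02,
        "sport": field(h, t, 2), "dport": field(h, t + 2, 2),
        "seq": field(h, t + 4, 4), "window": field(h, t + 14, 2),
        "options": tcp_options(h, t + 20, t + (field(h, t + 12, 1) >> 4) * 4),
    }
```

Running `decode()` over each packet in a capture and counting the distinct `dst`, `dport`, `ttl` and `window` values gives a quick view of how uniform the traffic is across source hosts.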



