Snort mailing list archives

odd traffic

From: <Jose_Maria_Gonzalez () dell com>
Date: Mon, 29 Mar 2004 09:34:32 +0100


Have anybody  seen similar traffic before? (See below)

rgds,
Jose


 
3/23-15:08:45.146344 0:2:4B:17:9D:3A -> 0:2:B3:D2:1F:F7 type:0x800 len:0x354
12.98.202.146:30979 -> xxx.xxx.xxx.x:1027 UDP TTL:115 TOS:0x0 ID:42297 IpLen:20 DgmLen:838
Len: 810
04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00  ..(.............
00 00 00 00 00 00 00 00 F8 91 7B 5A 00 FF D0 11  ..........{Z....
A9 B2 00 C0 4F B6 E6 FC 54 8D 2E 4D 03 CD D8 BD  ....O...T..M....
C4 90 BD 66 84 7A 72 C9 00 00 00 00 01 00 00 00  ...f.zr.........
00 00 00 00 00 00 FF FF FF FF DA 02 00 00 00 00  ................
13 00 00 00 00 00 00 00 13 00 00 00 4D 49 43 52  ............MICR
4F 53 4F 46 54 20 4E 45 54 57 4F 52 4B 53 00 00  OSOFT NETWORKS..
13 00 00 00 00 00 00 00 13 00 00 00 57 49 4E 44  ............WIND
4F 57 53 20 55 53 45 52 55 53 45 52 00 00 00 00  OWS USERUSER....
8E 02 00 00 00 00 00 00 8E 02 00 00 4D 69 63 72  ............Micr
6F 73 6F 66 74 20 53 65 63 75 72 69 74 79 20 42  osoft Security B
75 6C 6C 65 74 69 6E 20 4D 53 30 33 2D 30 34 33  ulletin MS03-043
0D 0A 0D 0A 42 75 66 66 65 72 20 4F 76 65 72 72  ....Buffer Overr
75 6E 20 69 6E 20 4D 65 73 73 65 6E 67 65 72 20  un in Messenger
53 65 72 76 69 63 65 20 43 6F 75 6C 64 20 41 6C  Service Could Al
6C 6F 77 20 43 6F 64 65 20 45 78 65 63 75 74 69  low Code Executi
6F 6E 20 28 38 32 38 30 33 35 29 0D 0A 0D 0A 41  on (828035)....A
66 66 65 63 74 65 64 20 53 6F 66 74 77 61 72 65  ffected Software
3A 20 0D 0A 0D 0A 4D 69 63 72 6F 73 6F 66 74 20  : ....Microsoft
57 69 6E 64 6F 77 73 20 4E 54 20 57 6F 72 6B 73  Windows NT Works
74 61 74 69 6F 6E 20 0D 0A 4D 69 63 72 6F 73 6F  tation ..Microso
66 74 20 57 69 6E 64 6F 77 73 20 4E 54 20 53 65  ft Windows NT Se
72 76 65 72 20 34 2E 30 20 0D 0A 4D 69 63 72 6F  rver 4.0 ..Micro
73 6F 66 74 20 57 69 6E 64 6F 77 73 20 32 30 30  soft Windows 200
30 20 20 20 0D 0A 4D 69 63 72 6F 73 6F 66 74 20  0   ..Microsoft
57 69 6E 64 6F 77 73 20 58 50 20 20 0D 0A 4D 69  Windows XP  ..Mi
63 72 6F 73 6F 66 74 20 57 69 6E 64 6F 77 73 20  crosoft Windows
57 69 6E 39 38 20 20 20 0D 0A 4D 69 63 72 6F 73  Win98   ..Micros
6F 66 74 20 57 69 6E 64 6F 77 73 20 53 65 72 76  oft Windows Serv
65 72 20 32 30 30 33 0D 0A 0D 0A 4E 6F 6E 20 41  er 2003....Non A
66 66 65 63 74 65 64 20 53 6F 66 74 77 61 72 65  ffected Software
3A 20 0D 0A 0D 0A 4D 69 63 72 6F 73 6F 66 74 20  : ....Microsoft
57 69 6E 64 6F 77 73 20 4D 69 6C 6C 65 6E 6E 69  Windows Millenni
75 6D 20 45 64 69 74 69 6F 6E 0D 0A 0D 0A 59 6F  um Edition....Yo
75 72 20 73 79 73 74 65 6D 20 69 73 20 61 66 66  ur system is aff
65 63 74 65 64 2C 20 64 6F 77 6E 6C 6F 61 64 20  ected, download
74 68 65 20 70 61 74 63 68 20 66 72 6F 6D 20 74  the patch from t
68 65 20 61 64 64 72 65 73 73 20 62 65 6C 6F 77  he address below
20 21 20 0D 0A 46 49 52 53 54 20 54 59 50 45 20   ! ..FIRST TYPE
54 48 45 20 41 44 44 52 45 53 53 20 42 45 4C 4F  THE ADDRESS BELO
57 20 49 4E 54 4F 20 59 4F 55 52 20 49 4E 54 45  W INTO YOUR INTE
52 4E 45 54 20 42 52 4F 57 53 45 52 2C 20 54 48  RNET BROWSER, TH
45 4E 20 43 4C 49 43 4B 20 27 4F 4B 27 2E 0D 0A  EN CLICK 'OK'...
54 48 45 20 41 44 44 52 45 53 53 20 57 49 4C 4C  THE ADDRESS WILL
20 44 49 53 41 50 50 45 41 52 20 4F 4E 43 45 20   DISAPPEAR ONCE
59 4F 55 20 48 49 54 20 27 4F 4B 27 2E 0D 0A 0D  YOU HIT 'OK'....
0A 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20  .
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
20 77 77 77 2E 77 69 6E 64 6F 77 73 2D 70 61 74   www.windows-pat
63 68 2E 69 6E 66 6F 0D 0A 00                    ch.info...

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

 
 
 
 


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:

odd traffic Jose_Maria_Gonzalez (Mar 29)
- Re: odd traffic Michael Boman (Mar 29)
- Re: odd traffic AJ Butcher, Information Systems and Computing (Mar 29)