Security Incidents mailing list archives
Strange Traffic from 213.8.52.189
From: "Mendoza, Luis" <luis.mendoza () ATTLA COM>
Date: Fri, 23 Feb 2001 17:24:44 -0500
Hi Everybody,

I captured the following traffic against my DNS server. The behavior is similar to an attack (different ports, and the 04 line attempt delude to my FW), but I am not very sure. I had revised the SANS documents but the behavior is different. Is this a new attack?

Best Regards
Luis Mendoza

No.  Time           Source        Destination   Protocol  Info
 1   15:28:35.8826  213.8.52.189  a.b.c.38      UDP       Source port: 13570 Destination port: 37852
 2   15:28:35.8826  213.8.52.189  a.b.c.38      ICMP      Echo (ping) request
 3   15:28:35.8837  a.b.c.38      213.8.52.189  ICMP      Echo (ping) reply
 4   15:28:35.8849  213.8.52.189  a.b.c.38      TCP       80 > 55305 [ACK] Seq=991 Ack=0 Win=1024 Len=0
 5   15:28:35.8849  213.8.52.189  a.b.c.38      TCP       13568 > 55305 [SYN] Seq=921652387 Ack=0 Win=1024 Len=0
 6   15:28:40.8681  213.8.52.189  a.b.c.38      TCP       13568 > 55305 [RST] Seq=921652388 Ack=0 Win=1024 Len=0
 7   15:28:40.8686  213.8.52.189  a.b.c.38      UDP       Source port: 13570 Destination port: 37852
 8   15:28:40.8767  213.8.52.189  a.b.c.38      ICMP      Echo (ping) request
 9   15:28:40.8770  213.8.52.189  a.b.c.38      TCP       80 > 55305 [ACK] Seq=1003 Ack=0 Win=1024 Len=0
10   15:28:40.8770  a.b.c.38      213.8.52.189  ICMP      Echo (ping) reply
11   15:28:40.8794  213.8.52.189  a.b.c.38      TCP       13568 > 55305 [SYN] Seq=922902387 Ack=0 Win=1024 Len=0
12   15:28:46.0294  213.8.52.189  a.b.c.38      TCP       13568 > 55305 [RST] Seq=922902388 Ack=0 Win=1024 Len=0
13   15:28:46.0326  213.8.52.189  a.b.c.38      TCP       13568 > 55305 [RST] Seq=922902388 Ack=0 Win=1024 Len=0
14   02:46:35.4154  a.b.c.38      213.8.52.189  DNS       Standard query A www.othernetwork.com
15   02:46:38.4153  a.b.c.38      213.8.52.189  DNS       Standard query A www.othernetwork.com
16   02:46:39.1065  213.8.52.189  a.b.c.38      DNS       Standard query response A 194.90.241.51 A 192.114.177.51
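Added example, not part of the original post: a short Python triage of rows 1-13 of the capture above, listing which protocols the remote source used, which TCP ACKs arrived with no earlier SYN on the same flow (the "04 line" the poster mentions), and which SYNs the same source then reset. The function names `parse` and `review` are hypothetical, and the row format is assumed to be the summary layout shown in the post.

```python
import re

# Rows 1-13 copied from the capture in the post (summary format as posted).
CAPTURE = """\
1 15:28:35.8826 213.8.52.189 a.b.c.38 UDP Source port: 13570 Destination port: 37852
2 15:28:35.8826 213.8.52.189 a.b.c.38 ICMP Echo (ping) request
3 15:28:35.8837 a.b.c.38 213.8.52.189 ICMP Echo (ping) reply
4 15:28:35.8849 213.8.52.189 a.b.c.38 TCP 80 > 55305 [ACK] Seq=991 Ack=0 Win=1024 Len=0
5 15:28:35.8849 213.8.52.189 a.b.c.38 TCP 13568 > 55305 [SYN] Seq=921652387 Ack=0 Win=1024 Len=0
6 15:28:40.8681 213.8.52.189 a.b.c.38 TCP 13568 > 55305 [RST] Seq=921652388 Ack=0 Win=1024 Len=0
7 15:28:40.8686 213.8.52.189 a.b.c.38 UDP Source port: 13570 Destination port: 37852
8 15:28:40.8767 213.8.52.189 a.b.c.38 ICMP Echo (ping) request
9 15:28:40.8770 213.8.52.189 a.b.c.38 TCP 80 > 55305 [ACK] Seq=1003 Ack=0 Win=1024 Len=0
10 15:28:40.8770 a.b.c.38 213.8.52.189 ICMP Echo (ping) reply
11 15:28:40.8794 213.8.52.189 a.b.c.38 TCP 13568 > 55305 [SYN] Seq=922902387 Ack=0 Win=1024 Len=0
12 15:28:46.0294 213.8.52.189 a.b.c.38 TCP 13568 > 55305 [RST] Seq=922902388 Ack=0 Win=1024 Len=0
13 15:28:46.0326 213.8.52.189 a.b.c.38 TCP 13568 > 55305 [RST] Seq=922902388 Ack=0 Win=1024 Len=0
"""
TCP_RE = re.compile(r"(\d+) > (\d+) \[(\w+)\] Seq=(\d+)")

def parse(text):
    """Split each summary row into packet number, source, protocol and TCP fields."""
    rows = []
    for line in text.strip().splitlines():
        no, _time, src, _dst, proto, info = line.split(None, 5)
        row = {"no": int(no), "src": src, "proto": proto}
        m = TCP_RE.match(info)
        if m:  # only TCP rows carry ports, a flag and a sequence number
            sport, dport, flag, seq = m.groups()
            row.update(flow=(src, sport, dport), flag=flag, seq=int(seq))
        rows.append(row)
    return rows

def review(rows, src):
    """Return (protocols sent by src, ACKs with no earlier SYN, (SYN, RST) pairs)."""
    protos, syns, bare_acks, aborted = set(), {}, [], []
    for r in rows:
        if r["src"] != src:
            continue
        protos.add(r["proto"])
        flag, flow = r.get("flag"), r.get("flow")
        if flag == "SYN":
            syns[flow] = r  # remember the latest SYN seen on this flow
        elif flag == "ACK" and flow not in syns:
            bare_acks.append(r["no"])  # ACK for a connection never opened in this capture
        elif flag == "RST" and flow in syns and r["seq"] == syns[flow]["seq"] + 1:
            aborted.append((syns[flow]["no"], r["no"]))  # sender reset its own SYN
    return protos, bare_acks, aborted
```

Calling `review(parse(CAPTURE), "213.8.52.189")` returns the protocol set, the packet numbers of the bare ACKs, and the SYN/RST pairs by packet number.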