Security Incidents mailing list archives

Can any Apple folks help out?


From: George Bakos <alpinista () BIGFOOT COM>
Date: Sun, 6 May 2001 22:46:23 -0400

Apple NetAssistant is the only thing anyone has been able to come up with for
this scan.  Here's the 5 bytes of udp data that was fired at my hosts:

0015 0001 01

Can anyone that is running NetAssistant please confirm this as appropriate data
for that app?  If not, perhaps we are missing something.

[gbakos@piggy gbakos]$ zcat /home/shadow/LOG/****/May05/tcp.2001050523.gz |/usr/local/logger/tcpdump -nvvXr - udp and port 3283
23:31:16.403628 65.7.179.191.3283 > target.net.162.3283:  udp 5 (DF) (ttl 243, id 30002)
0x0000   4500 0021 7532 4000 f311 e569 4107 b3bf        E..!u2@....iA...
0x0010   good guys 0cd3 0cd3 000d b7e8 0015 0001        ..f.............
0x0020   0100 0000 0000 0000 0000 0000 0000             ..............
23:31:16.410567 65.7.179.191.3283 > target.net.163.3283:  udp 5 (DF) (ttl 243, id 61713)
0x0000   4500 0021 f111 4000 f311 6989 4107 b3bf        E..!..@...i.A...
0x0010   d1c6 66a3 0cd3 0cd3 000d b7e7 0015 0001        ..f.............
0x0020   0100 0000 0000 0000 0000 0000 0000             ..............
23:31:16.441115 65.7.179.191.3283 > target.net.164.3283:  udp 5 (DF) (ttl 243, id 17442)
0x0000   4500 0021 4422 4000 f311 1678 4107 b3bf        E..!D"@....xA...
0x0010   d1c6 66a4 0cd3 0cd3 000d b7e6 0015 0001        ..f.............
0x0020   0101 0000 0000 0000 0331 3931 0331             .........191.1
23:31:16.498840 65.7.179.191.3283 > target.net.170.3283:  udp 5 (DF) (ttl 243, id 65093)
0x0000   4500 0021 fe45 4000 f311 5c4e 4107 b3bf        E..!.E@...\NA...
0x0010   d1c6 66aa 0cd3 0cd3 000d b7e0 0015 0001        ..f.............
0x0020   0101 0000 0000 0000 0331 3931 0331             .........191.1
23:31:16.639956 65.7.179.191.3283 > target.net.180.3283:  udp 5 (DF) (ttl 243, id 46418)
0x0000   4500 0021 b552 4000 f311 a537 4107 b3bf        E..!.R@....7A...
0x0010   d1c6 66b4 0cd3 0cd3 000d b7d6 0015 0001        ..f.............
0x0020   0101 0000 0000 0000 0331 3931 0331             .........191.1
23:31:16.780316 65.7.179.191.3283 > target.net.190.3283:  udp 5 (DF) (ttl 243, id 49842)
0x0000   4500 0021 c2b2 4000 f311 97cd 4107 b3bf        E..!..@.....A...
0x0010   d1c6 66be 0cd3 0cd3 000d b7cc 0015 0001        ..f.............
0x0020   0101 0000 0000 0000 0331 3931 0331             .........191.1

George Bakos
alpinista () bigfoot com
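
Added example (not part of the original post): a small Python parser that takes the hex words of two of the tcpdump records above and uses the IP total-length and UDP length fields to separate the 5-byte payload from the bytes captured after the datagram. The function names and the `DUMPS` keys are assumptions made for this example.

```python
import struct

# Hex words copied from two tcpdump -X records in the post (targets .163 and .164).
DUMPS = {
    ".163": """4500 0021 f111 4000 f311 6989 4107 b3bf
               d1c6 66a3 0cd3 0cd3 000d b7e7 0015 0001
               0100 0000 0000 0000 0000 0000 0000""",
    ".164": """4500 0021 4422 4000 f311 1678 4107 b3bf
               d1c6 66a4 0cd3 0cd3 000d b7e6 0015 0001
               0101 0000 0000 0000 0331 3931 0331""",
}

def parse_udp(hex_words):
    """Return UDP fields, payload and post-datagram trailer of a captured IPv4 packet."""
    raw = bytes.fromhex("".join(hex_words.split()))
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (raw[0] & 0x0F) * 4                       # IP header length in bytes
    total_len = struct.unpack("!H", raw[2:4])[0]    # length of the IP datagram
    if raw[9] != 17:
        raise ValueError("not UDP")
    if ihl < 20 or len(raw) < ihl + 8:
        raise ValueError("truncated UDP header")
    sport, dport, udp_len, _ = struct.unpack("!HHHH", raw[ihl:ihl + 8])
    if udp_len < 8 or ihl + udp_len > total_len or total_len > len(raw):
        raise ValueError("inconsistent length fields")
    return {
        "src": ".".join(str(b) for b in raw[12:16]),
        "sport": sport,
        "dport": dport,
        "payload": raw[ihl + 8:ihl + udp_len],      # bounded by the UDP length field
        "trailer": raw[total_len:],                 # captured bytes past the IP datagram
    }

def summarize():
    """Map each sample target to (payload hex, trailer hex)."""
    parsed = {target: parse_udp(words) for target, words in DUMPS.items()}
    return {t: (p["payload"].hex(), p["trailer"].hex()) for t, p in parsed.items()}

if __name__ == "__main__":
    for target, (payload, trailer) in summarize().items():
        print(f"{target}: payload={payload} trailer={trailer}")
```

Both records carry the same payload, `0015000101`; the differing bytes at offset 0x21 onward lie past the 33-byte IP total length, so they are not part of the UDP data.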

