Snort mailing list archives

Packet interpretation


From: "Kishor Bhagwat" <aaaaarrrgghhh () yahoo com>
Date: Sun, 20 Jan 2002 11:53:15 +0530

Hello!
I'm running Snort in daemon mode inside a private network, with access to the Internet through a router.
Here's a small sample of the kind of alerts I keep getting...
I'm not sure what to make of them. Is it an attack from outside, or from inside?
First of all, is it an attack?!!
The MAC address 01:42... is that of my router's ethernet interface.

regards,
kishor


Dec 27 20:59:42 morpheus kernel:
auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00
SRC=193.253.253.48 DST=255.255.255.255 LEN=48 TOS=0x00 PREC=0x00
TTL=112 ID=52252 DF PROTO=TCP SPT=2256 DPT=21 WINDOW=16384 RES=0x00
SYN URGP=0

Dec 27 20:59:42 morpheus kernel:
auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00
SRC=193.253.253.48 DST=255.255.255.255 LEN=48 TOS=0x00 PREC=0x00
TTL=112 ID=52260 DF PROTO=TCP SPT=2264 DPT=21 WINDOW=16384 RES=0x00
SYN URGP=0


Dec 27 23:43:23 morpheus kernel:
auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00
SRC=208.4.55.222
DST=255.255.255.255 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=57364 DF
PROTO=TCP SPT=3171 DPT=25 WINDOW=16384 RES=0x00 SYN URGP=0

Dec 27 23:43:23 morpheus kernel:
auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00
SRC=208.4.55.222
DST=255.255.255.255 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=57372 DF
PROTO=TCP SPT=3173 DPT=25 WINDOW=16384 RES=0x00 SYN URGP=0


Dec 28 09:33:03 morpheus kernel:
auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00
SRC=195.92.250.158
DST=255.255.255.255 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=24282
PROTO=TCP SPT=22 DPT=22 WINDOW=40 RES=0x00 SYN URGP=0

Dec 28 09:33:03 morpheus kernel:
auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00
SRC=195.92.250.158
DST=255.255.255.255 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=24282
PROTO=TCP SPT=22 DPT=22 WINDOW=40 RES=0x00 SYN URGP=0

Dec 28 20:56:20 morpheus kernel:
auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00
SRC=195.35.139.106
DST=255.255.255.255 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=26755 DF
PROTO=TCP SPT=1036 DPT=21 WINDOW=32120 RES=0x00 SYN URGP=0

Dec 28 20:56:20 morpheus kernel:
auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00
SRC=195.35.139.106
DST=255.255.255.255 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=26770 DF
PROTO=TCP SPT=1051 DPT=21 WINDOW=32120 RES=0x00 SYN URGP=0


Dec 29 14:39:15 morpheus kernel:
auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00
SRC=24.25.64.124 DST=255.255.255.255 LEN=40 TOS=0x00 PREC=0x00
TTL=106 ID=45799 PROTO=TCP SPT=111 DPT=111 WINDOW=7182 RES=0x00 SYN
URGP=0

Dec 29 14:39:15 morpheus kernel:
auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00
SRC=24.25.64.124 DST=255.255.255.255 LEN=40 TOS=0x00 PREC=0x00
TTL=106 ID=45799 PROTO=TCP SPT=111 DPT=111 WINDOW=7182 RES=0x00 SYN
URGP=0

Dec 29 14:52:14 morpheus kernel:
auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00
SRC=202.100.13.148 DST=255.255.255.255 LEN=60 TOS=0x00 PREC=0x00
TTL=38 ID=61939 DF PROTO=TCP SPT=1133 DPT=21 WINDOW=32120 RES=0x00 SYN
URGP=0

Dec 29 14:52:14 morpheus kernel:
auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00
SRC=202.100.13.148 DST=255.255.255.255 LEN=60 TOS=0x00 PREC=0x00
TTL=38 ID=61954 DF PROTO=TCP SPT=1148 DPT=21 WINDOW=32120 RES=0x00 SYN
URGP=0

Dec 29 14:52:16 morpheus kernel:
auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00
SRC=202.100.13.148 DST=255.255.255.255 LEN=60 TOS=0x00 PREC=0x00
TTL=38 ID=62509 DF PROTO=TCP SPT=1148 DPT=21 WINDOW=32120 RES=0x00 SYN
URGP=0

Dec 29 14:52:17 morpheus kernel:
auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00
SRC=202.100.13.148 DST=255.255.255.255 LEN=60 TOS=0x00 PREC=0x00
TTL=38 ID=62500 DF PROTO=TCP SPT=1133 DPT=21 WINDOW=32120 RES=0x00 SYN
URGP=0

Dec 29 19:21:17 morpheus kernel:
auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00
SRC=216.205.150.132 DST=255.255.255.255 LEN=60 TOS=0x00 PREC=0x00
TTL=51 ID=25621 DF PROTO=TCP SPT=2282 DPT=22 WINDOW=32120 RES=0x00 SYN
URGP=0

Dec 29 21:29:18 morpheus kernel:
auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00
SRC=195.1.220.107 DST=255.255.255.255 LEN=40 TOS=0x00 PREC=0x00
 TTL=104 ID=53283 PROTO=TCP SPT=21 DPT=21 WINDOW=45683 RES=0x00 SYN
URGP=0

Dec 29 21:29:18 morpheus kernel:
auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00
SRC=195.1.220.107 DST=255.255.255.255 LEN=40 TOS=0x00 PREC=0x00
TTL=107 ID=53283 PROTO=TCP SPT=21 DPT=21 WINDOW=45683 RES=0x00 SYN
URGP=0

Dec 29 22:07:29 morpheus kernel:
auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00
SRC=150.7.208.52 DST=255.255.255.255 LEN=40 TOS=0x00 PREC=0x00
TTL=110 ID=39184 PROTO=TCP SPT=21 DPT=21 WINDOW=52783 RES=0x00 SYN
URGP=0




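As an added example (not from the post and not Snort's or netfilter's own code), the Python below parses two of the log lines above and reads off the facts the poster is asking about: the netfilter `MAC=` field is destination MAC, then source MAC, then EtherType; `255.255.255.255` is the limited broadcast address; a public `SRC` is not on the private LAN. The router MAC is taken from the post; the RFC 1122 note is a fact about TCP, not something the log itself shows.

```python
import ipaddress
import re

# Two of the poster's records, constructed here as inline sample input
# (re-joined onto single lines; field order is the standard netfilter LOG format).
SAMPLE_LOG = [
    "Dec 27 20:59:42 morpheus kernel: auditIN=eth1 OUT= "
    "MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=193.253.253.48 "
    "DST=255.255.255.255 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=52252 DF "
    "PROTO=TCP SPT=2256 DPT=21 WINDOW=16384 RES=0x00 SYN URGP=0",
    "Dec 29 14:39:15 morpheus kernel: auditIN=eth1 OUT= "
    "MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=24.25.64.124 "
    "DST=255.255.255.255 LEN=40 TOS=0x00 PREC=0x00 TTL=106 ID=45799 "
    "PROTO=TCP SPT=111 DPT=111 WINDOW=7182 RES=0x00 SYN URGP=0",
]
ROUTER_MAC = "00:01:42:30:ab:80"    # the router's interface, per the post
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
LIMITED_BROADCAST = "255.255.255.255"
TOKEN = re.compile(r"(\w+)=(\S*)")

def parse_log_line(line):
    """Split one netfilter LOG record into KEY=VALUE fields plus bare flags (DF, SYN)."""
    record = line.split("kernel: ", 1)[1]
    # The --log-prefix ("audit") was set without a trailing space, so it runs into IN=.
    prefix, _, rest = record.partition("IN=")
    rest = "IN=" + rest
    fields = dict(TOKEN.findall(rest))
    fields["prefix"] = prefix
    fields["flags"] = {tok for tok in rest.split() if "=" not in tok}
    # MAC= is dst MAC (6 bytes) : src MAC (6 bytes) : EtherType (2 bytes).
    octets = fields["MAC"].split(":")
    fields["dst_mac"] = ":".join(octets[:6])
    fields["src_mac"] = ":".join(octets[6:12])
    fields["ethertype"] = "".join(octets[12:])   # "0800" is IPv4
    return fields

def assess(fields):
    """Answer the post's questions from the fields alone: from where, to whom, what."""
    src = ipaddress.ip_address(fields["SRC"])
    return {
        "from_outside": not src.is_private,              # public source address
        "via_router": fields["src_mac"] == ROUTER_MAC,   # frame came from the router
        "broadcast": fields["dst_mac"] == BROADCAST_MAC
                     and fields["DST"] == LIMITED_BROADCAST,
        # A SYN addressed to a broadcast address is silently discarded by every
        # host (RFC 1122), so no TCP connection to any LAN host can result.
        "syn_to_broadcast": "SYN" in fields["flags"]
                            and fields["DST"] == LIMITED_BROADCAST,
        "target_port": int(fields["DPT"]),
    }
```

Running `assess(parse_log_line(line))` over the full log would give, per record, the same four yes/no facts plus the probed port (21, 22, 25 or 111 in the post).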



