Snort mailing list archives

Re: Off topic: Thousands of traceroutes ?


From: "Tudor Panaitescu" <tpanaitescu () colorcon com>
Date: Mon, 13 May 2002 14:19:15 -0400



Hello everyone,

Please see the packet dumps below. They are quite similar; the addresses are
different.

Any comments welcome.

Thanks, Tudor


[**] IDS115/scan_Traceroute UDP [**]
05/13-14:08:01.988823 xxx.xxx.xxx.xxx:46661 -> xxx.xxx.xxx.xxx:43921
UDP TTL:1 TOS:0x0 ID:64822 IpLen:20 DgmLen:92
Len: 72
0x0000: 00 30 85 87 53 7A 00 B0 64 2C 84 40 08 00 45 00  .0..Sz..d,.@..E.
0x0010: 00 5C FD 36 00 00 01 11 7A AE 41 D6 32 82 0C 20  .\.6....z.A.2..
0x0020: C1 34 B6 45 AB 91 00 48 77 D6 00 01 02 03 04 05  .4.E...Hw.......
0x0030: 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15  ................
0x0040: 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25  .......... !"#$%
0x0050: 26 27 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35  &'()*+,-./012345
0x0060: 36 37 38 39 3A 3B 3C 3D 3E 3F                    6789:;<=>?

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

[**] IDS115/scan_Traceroute UDP [**]
05/13-14:08:11.990777 xxx.xxx.xxx.xxx:46661 -> xxx.xxx.xxx.xxx:44268
UDP TTL:1 TOS:0x0 ID:319 IpLen:20 DgmLen:92
Len: 72
0x0000: 00 30 85 87 53 7A 00 B0 64 2C 84 40 08 00 45 00  .0..Sz..d,.@..E.
0x0010: 00 5C 01 3F 00 00 01 11 76 A6 41 D6 32 82 0C 20  .\.?....v.A.2..
0x0020: C1 34 B6 45 AC EC 00 48 76 7B 00 01 02 03 04 05  .4.E...Hv{......
0x0030: 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15  ................
0x0040: 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25  .......... !"#$%
0x0050: 26 27 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35  &'()*+,-./012345
0x0060: 36 37 38 39 3A 3B 3C 3D 3E 3F                    6789:;<=>?

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

05/13-14:12:11.214919 xxx.xxx.xxx.xxx:4761 -> xxx.xxx.xxx.xxx:38966
UDP TTL:1 TOS:0x0 ID:18075 IpLen:20 DgmLen:92
Len: 72
0x0000: 00 30 85 87 53 7A 00 B0 64 2C 84 40 08 00 45 00  .0..Sz..d,.@..E.
0x0010: 00 5C 46 9B 00 00 01 11 1D 5C 3E 04 4A 42 0C 20  .\F......\>.JB.
0x0020: C1 34 12 99 98 36 00 48 1A F0 00 01 02 03 04 05  .4...6.H........
0x0030: 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15  ................
0x0040: 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25  .......... !"#$%
0x0050: 26 27 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35  &'()*+,-./012345
0x0060: 36 37 38 39 3A 3B 3C 3D 3E 3F                    6789:;<=>?

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
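
As an added example (not part of the original post), the Python below rebuilds the frame from the first hex dump above and reads back the fields the alert line reports: TTL, IP ID, ports and lengths, plus the IP header checksum and the payload pattern. Function names are illustrative, and the address fields are left undecoded, matching the masked alert header.

```python
import re
import struct

# Hex dump copied from the first alert in the post above.
DUMP = r"""
0x0000: 00 30 85 87 53 7A 00 B0 64 2C 84 40 08 00 45 00  .0..Sz..d,.@..E.
0x0010: 00 5C FD 36 00 00 01 11 7A AE 41 D6 32 82 0C 20  .\.6....z.A.2..
0x0020: C1 34 B6 45 AB 91 00 48 77 D6 00 01 02 03 04 05  .4.E...Hw.......
0x0030: 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15  ................
0x0040: 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25  .......... !"#$%
0x0050: 26 27 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35  &'()*+,-./012345
0x0060: 36 37 38 39 3A 3B 3C 3D 3E 3F                    6789:;<=>?
"""

# One row: offset, then up to 16 hex bytes; the ASCII column is ignored.
HEX_ROW = re.compile(r"0x[0-9A-Fa-f]{4}:\s((?:[0-9A-Fa-f]{2} ?){1,16})")

def dump_to_bytes(text):
    """Rebuild the raw frame from Snort's 'offset: hex  ascii' rows."""
    frame = bytearray()
    for line in text.splitlines():
        m = HEX_ROW.match(line.strip())
        if m:
            frame += bytes.fromhex(m.group(1))
    return bytes(frame)

def ip_checksum_ok(header):
    """One's-complement sum over a valid IPv4 header folds to 0xFFFF."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def decode_probe(frame):
    """Decode Ethernet/IPv4/UDP fields; addresses are intentionally skipped."""
    if frame[12:14] != b"\x08\x00":
        raise ValueError("not an IPv4 Ethernet frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    dgm_len, ip_id = struct.unpack("!HH", ip[2:6])
    if ip[9] != 17:
        raise ValueError("not UDP")
    sport, dport, udp_len = struct.unpack("!HHH", ip[ihl:ihl + 6])
    payload = ip[ihl + 8:ihl + udp_len]
    return {
        "ttl": ip[8], "ip_id": ip_id, "dgm_len": dgm_len,
        "sport": sport, "dport": dport, "udp_len": udp_len,
        "checksum_ok": ip_checksum_ok(ip[:ihl]),
        # True when the payload is the byte run 00 01 02 ... seen in each dump
        "counting_payload": payload == bytes(i & 0xFF for i in range(len(payload))),
    }
```

Running `decode_probe(dump_to_bytes(DUMP))` on the other two dumps only requires swapping in their hex rows.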




