Snort mailing list archives
0.x.x.x source IP
From: snort <snort () jbrfoods com>
Date: Fri, 12 Dec 2003 08:58:56 -0800
Hello All,

I have been seeing "a lot" of these lately; could anybody offer any suggestions as to what this may be? I have searched for "0.69.249.132" and port 57989, but did not find much supporting material. The destination IP does not accept connections on port 57989. I am not too worried as there is no payload in the packets, but would like your thoughts.

Best Regards,
Matt

------------------------------------------------------------------------------
#(3 - 22400) [2003-12-10 17:35:25] [snort/2182] BACKDOOR typot trojan traffic
IPv4: 0.69.249.132 -> x.x.x.x
      hlen=5 TOS=0 dlen=52 ID=64754 flags=0 offset=0 TTL=114 chksum=20248
TCP:  port=39556 -> dport: 57989 flags=******S* seq=3614539496
      ack=0 off=8 res=0 win=55808 urp=0 chksum=50423
      Options:
       #1 - MSS len=2 data=05B4
       #2 - NOP len=0
       #3 - WS len=1 data=02
       #4 - NOP len=0
       #5 - NOP len=0
       #6 - SACKOK len=0
Payload: none