Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Unknown Datagram decoding problem!

From: <CGhercoias () TWEC COM>
Date: Wed, 8 Oct 2003 12:55:33 -0400

Hello,

Starting last night my snort system have started to record these alerts.
177.1.0.x is our proxy-gateway and from this machine all these alerts
are going all over the place in the network.
Someone have seen these before? Is some kind of new exploit out there?


------------------------------------------------------------------------
------
#(3 - 708725) [2003-10-08 10:09:50] [snort/108]  (snort_decoder) Unknown
Datagram decoding problem!
IPv4: 177.1.0.x -> 177.1.0.y
      hlen=5 TOS=0 dlen=32 ID=49536 flags=0 offset=0 TTL=128 chksum=5961
ICMP: type=Redirect code=1
      checksum=191 id= seq=
Payload:  length = 8

000 : B1 01 00 3E 45 00 04 00                           ...>E...
------------------------------------------------------------------------
------
#(3 - 708578) [2003-10-08 09:51:07] [snort/108]  (snort_decoder) Unknown
Datagram decoding problem!
IPv4: 177.1.0.x -> 177.1.0.y
      hlen=5 TOS=0 dlen=33 ID=22713 flags=0 offset=0 TTL=128
chksum=32760
ICMP: type=Redirect code=1
      checksum=36372 id= seq=
Payload:  length = 9

000 : B1 01 01 E8 45 00 05 00 70                        ....E...p
------------------------------------------------------------------------
------
#(3 - 708577) [2003-10-08 09:51:07] [snort/108]  (snort_decoder) Unknown
Datagram decoding problem!
IPv4: 177.1.0.x -> 177.1.0.y
      hlen=5 TOS=0 dlen=33 ID=22489 flags=0 offset=0 TTL=128
chksum=32984
ICMP: type=Redirect code=1
      checksum=36372 id= seq=
Payload:  length = 9

000 : B1 01 01 E8 45 00 05 00 70                        ....E...p


Thank you in advance,

*-----------------------------------*
| Catalin Ghercoias                 |
| cghercoias () twec com
*------------------------------------------*
| http://www.fye.com             | "Tart words make no friends; a
spoonful  |
|                                          |  of honey will catch more
flies than     |
| 518-452-1242                   | a gallon of vinegar."
|
*--------------------------------|                    -- B. Franklin
|
                                 |
|
 
*------------------------------------------*




-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: