Snort mailing list archives

unknown packet


From: c4n <c4n () softhome net>
Date: Thu, 06 Oct 2005 11:22:58 +0200

Hi all,

I see the following alert in the Snort logs:

(portscan) Open Port
[**] [122:1:0] (portscan) TCP Portscan [**]
10/05-10:47:40.926565 XXXX -> XXXXX
PROTO255 TTL:0 TOS:0x0 ID:2334 IpLen:20 DgmLen:162


the content of the packet:

0000  4d 41 43 44 41 44 4d 41  43 44 41 44 08 00 XXXXXXX   MACDADMA CDAD.XX
0010   XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
0020  XXXX 50 72 69 6f 72 69  74 79 20 43 6f 75 6e 74   XXPriori ty Count
0030  3a 20 31 31 0a 43 6f 6e  6e 65 63 74 69 6f 6e 20   : 11.Con nection
0040  43 6f 75 6e 74 3a 20 38  0a 49 50 20 43 6f 75 6e   Count: 8 .IP Coun
0050  74 3a 20 35 0a 53 63 61  6e 6e 65 64 20 49 50 20   t: 5.Sca nned IP
0060  52 61 6e 67 65 3a 20 31  37 32 2e 31 36 2e 32 30   Range: XXXXXXX
0070  2e 34 3a 31 30 2e 32 2e  31 2e 32 32 32 0a 50 6f   XXXXX:222.Po
0080  72 74 2f 50 72 6f 74 6f  20 43 6f 75 6e 74 3a 20   rt/Proto  Count:
0090  35 0a 50 6f 72 74 2f 50  72 6f 74 6f 20 52 61 6e   5.Port/P roto Ran
00a0  67 65 3a 20 31 33 35 32  3a 38 30 38 30 0a         ge: 1352 :8080.

Is this a possible trojan?

Thanks a lot

C4n
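The frame in the post has the shape of a Snort sfPortscan pseudo-packet rather than traffic captured on the wire: both MAC addresses spell "MACDAD", the IP protocol is 255, and the payload is a text report of "Key: value" lines. The following added example (not code from the post or from Snort) rebuilds such a frame from the post's payload bytes, with constructed placeholder IP addresses where the poster masked them, and decodes the report fields so the alert can be checked programmatically.

```python
"""Recognise and decode a Snort sfPortscan pseudo-packet (added example)."""
import struct

# Payload bytes as they appear in the hex column of the post's dump.
PAYLOAD = (
    b"Priority Count: 11\nConnection Count: 8\nIP Count: 5\n"
    b"Scanned IP Range: 172.16.20.4:10.2.1.222\n"
    b"Port/Proto Count: 5\nPort/Proto Range: 1352:8080\n"
)


def build_sample_frame() -> bytes:
    """Constructed frame: the post masked its MAC/IP fields, so the IPv4
    header uses placeholder addresses (10.0.0.1 -> 10.0.0.2); the other
    fields follow the alert line (PROTO255, TTL:0, ID:2334, IpLen:20)."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, 20 + len(PAYLOAD), 2334, 0, 0, 255, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return b"MACDAD" + b"MACDAD" + b"\x08\x00" + ip_hdr + PAYLOAD


def decode_sfportscan(frame: bytes):
    """Return the parsed sfPortscan report fields, or None when the frame
    does not carry the preprocessor's markers (MACDAD MACs, proto 255)."""
    if len(frame) < 34 or frame[:12] != b"MACDAD" * 2:
        return None
    if frame[12:14] != b"\x08\x00":          # EtherType must be IPv4
        return None
    ihl = (frame[14] & 0x0F) * 4             # IP header length in bytes
    total_len = struct.unpack("!H", frame[16:18])[0]
    if frame[23] != 255:                     # sfPortscan sets protocol 255
        return None
    payload = frame[14 + ihl:14 + total_len]
    fields = {}
    for line in payload.decode("ascii", "replace").splitlines():
        key, _, value = line.partition(": ")
        if key and value:
            fields[key] = value
    # Counters become ints; the two range fields split on their colon.
    for k in ("Priority Count", "Connection Count", "IP Count",
              "Port/Proto Count"):
        if k in fields:
            fields[k] = int(fields[k])
    for k in ("Scanned IP Range", "Port/Proto Range"):
        if k in fields:
            lo, _, hi = fields[k].partition(":")
            fields[k] = (lo, hi)
    return fields


if __name__ == "__main__":
    print(decode_sfportscan(build_sample_frame()))
```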

