Snort mailing list archives
unknown packet
From: c4n <c4n () softhome net>
Date: Thu, 06 Oct 2005 11:22:58 +0200
Hi all,

I see the following alert in the Snort logs:

(portscan) Open Port
[**] [122:1:0] (portscan) TCP Portscan [**]
10/05-10:47:40.926565 XXXX -> XXXXX
PROTO255 TTL:0 TOS:0x0 ID:2334 IpLen:20 DgmLen:162

The content of the packet:

0000 4d 41 43 44 41 44 4d 41 43 44 41 44 08 00 XXXXXXX MACDADMA CDAD.XX
0010 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
0020 XXXX 50 72 69 6f 72 69 74 79 20 43 6f 75 6e 74 XXPriori ty Count
0030 3a 20 31 31 0a 43 6f 6e 6e 65 63 74 69 6f 6e 20 : 11.Con nection
0040 43 6f 75 6e 74 3a 20 38 0a 49 50 20 43 6f 75 6e Count: 8 .IP Coun
0050 74 3a 20 35 0a 53 63 61 6e 6e 65 64 20 49 50 20 t: 5.Sca nned IP
0060 52 61 6e 67 65 3a 20 31 37 32 2e 31 36 2e 32 30 Range: XXXXXXX
0070 2e 34 3a 31 30 2e 32 2e 31 2e 32 32 32 0a 50 6f XXXXX:222.Po
0080 72 74 2f 50 72 6f 74 6f 20 43 6f 75 6e 74 3a 20 rt/Proto Count:
0090 35 0a 50 6f 72 74 2f 50 72 6f 74 6f 20 52 61 6e 5.Port/P roto Ran
00a0 67 65 3a 20 31 33 35 32 3a 38 30 38 30 0a ge: 1352 :8080.

Is this a possible trojan?

Thanks a lot,
C4n