Snort mailing list archives
Packet interpretation
From: "Kishor Bhagwat" <aaaaarrrgghhh () yahoo com>
Date: Sun, 20 Jan 2002 11:53:15 +0530
Hello! I'm running snort in daemon mode inside a private network, with access to the Internet through a router. Here's a small sample of the kind of alerts I keep getting... I'm not sure what to make of them. Is it an attack from outside, or from inside? First of all, is it an attack?!! The MAC address 01:42.... is that of my router's ethernet interface.

regards,
kishor

Dec 27 20:59:42 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=193.253.253.48 DST=255.255.255.255 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=52252 DF PROTO=TCP SPT=2256 DPT=21 WINDOW=16384 RES=0x00 SYN URGP=0
Dec 27 20:59:42 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=193.253.253.48 DST=255.255.255.255 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=52260 DF PROTO=TCP SPT=2264 DPT=21 WINDOW=16384 RES=0x00 SYN URGP=0
Dec 27 23:43:23 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=208.4.55.222 DST=255.255.255.255 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=57364 DF PROTO=TCP SPT=3171 DPT=25 WINDOW=16384 RES=0x00 SYN URGP=0
Dec 27 23:43:23 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=208.4.55.222 DST=255.255.255.255 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=57372 DF PROTO=TCP SPT=3173 DPT=25 WINDOW=16384 RES=0x00 SYN URGP=0
Dec 28 09:33:03 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=195.92.250.158 DST=255.255.255.255 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=24282 PROTO=TCP SPT=22 DPT=22 WINDOW=40 RES=0x00 SYN URGP=0
Dec 28 09:33:03 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=195.92.250.158 DST=255.255.255.255 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=24282 PROTO=TCP SPT=22 DPT=22 WINDOW=40 RES=0x00 SYN URGP=0
Dec 28 20:56:20 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=195.35.139.106 DST=255.255.255.255 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=26755 DF PROTO=TCP SPT=1036 DPT=21 WINDOW=32120 RES=0x00 SYN URGP=0
Dec 28 20:56:20 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=195.35.139.106 DST=255.255.255.255 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=26770 DF PROTO=TCP SPT=1051 DPT=21 WINDOW=32120 RES=0x00 SYN URGP=0
Dec 29 14:39:15 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=24.25.64.124 DST=255.255.255.255 LEN=40 TOS=0x00 PREC=0x00 TTL=106 ID=45799 PROTO=TCP SPT=111 DPT=111 WINDOW=7182 RES=0x00 SYN URGP=0
Dec 29 14:39:15 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=24.25.64.124 DST=255.255.255.255 LEN=40 TOS=0x00 PREC=0x00 TTL=106 ID=45799 PROTO=TCP SPT=111 DPT=111 WINDOW=7182 RES=0x00 SYN URGP=0
Dec 29 14:52:14 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=202.100.13.148 DST=255.255.255.255 LEN=60 TOS=0x00 PREC=0x00 TTL=38 ID=61939 DF PROTO=TCP SPT=1133 DPT=21 WINDOW=32120 RES=0x00 SYN URGP=0
Dec 29 14:52:14 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=202.100.13.148 DST=255.255.255.255 LEN=60 TOS=0x00 PREC=0x00 TTL=38 ID=61954 DF PROTO=TCP SPT=1148 DPT=21 WINDOW=32120 RES=0x00 SYN URGP=0
Dec 29 14:52:16 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=202.100.13.148 DST=255.255.255.255 LEN=60 TOS=0x00 PREC=0x00 TTL=38 ID=62509 DF PROTO=TCP SPT=1148 DPT=21 WINDOW=32120 RES=0x00 SYN URGP=0
Dec 29 14:52:17 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=202.100.13.148 DST=255.255.255.255 LEN=60 TOS=0x00 PREC=0x00 TTL=38 ID=62500 DF PROTO=TCP SPT=1133 DPT=21 WINDOW=32120 RES=0x00 SYN URGP=0
Dec 29 19:21:17 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=216.205.150.132 DST=255.255.255.255 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=25621 DF PROTO=TCP SPT=2282 DPT=22 WINDOW=32120 RES=0x00 SYN URGP=0
Dec 29 21:29:18 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=195.1.220.107 DST=255.255.255.255 LEN=40 TOS=0x00 PREC=0x00 TTL=104 ID=53283 PROTO=TCP SPT=21 DPT=21 WINDOW=45683 RES=0x00 SYN URGP=0
Dec 29 21:29:18 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=195.1.220.107 DST=255.255.255.255 LEN=40 TOS=0x00 PREC=0x00 TTL=107 ID=53283 PROTO=TCP SPT=21 DPT=21 WINDOW=45683 RES=0x00 SYN URGP=0
Dec 29 22:07:29 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=150.7.208.52 DST=255.255.255.255 LEN=40 TOS=0x00 PREC=0x00 TTL=110 ID=39184 PROTO=TCP SPT=21 DPT=21 WINDOW=52783 RES=0x00 SYN URGP=0
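The lines quoted in the post are netfilter/iptables LOG records written by the kernel (the IN=/OUT=/MAC=/SRC=/DST= layout), not Snort alerts, and the answer to "outside or inside?" can be read off their fields. The following parser is an added example, not part of the original message and not Snort or netfilter code: it splits each record into fields, decodes the MAC= value (6 bytes destination MAC, 6 bytes source MAC, then the EtherType), and groups records per source address so one can see which ports were probed, whether every packet was addressed to the limited broadcast 255.255.255.255, and whether every frame carried the router's MAC as its layer-2 source. The sample lines are copied from the post; the router MAC passed to `triage_notes` is the one the poster identifies; all function and field names are my own.

```python
import re
from collections import defaultdict

# Sample input: five of the netfilter LOG lines quoted in the post above
# (kernel log records from the iptables LOG target, not Snort alerts).
SAMPLE_LOG = """\
Dec 27 20:59:42 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=193.253.253.48 DST=255.255.255.255 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=52252 DF PROTO=TCP SPT=2256 DPT=21 WINDOW=16384 RES=0x00 SYN URGP=0
Dec 27 20:59:42 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=193.253.253.48 DST=255.255.255.255 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=52260 DF PROTO=TCP SPT=2264 DPT=21 WINDOW=16384 RES=0x00 SYN URGP=0
Dec 28 09:33:03 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=195.92.250.158 DST=255.255.255.255 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=24282 PROTO=TCP SPT=22 DPT=22 WINDOW=40 RES=0x00 SYN URGP=0
Dec 29 14:39:15 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=24.25.64.124 DST=255.255.255.255 LEN=40 TOS=0x00 PREC=0x00 TTL=106 ID=45799 PROTO=TCP SPT=111 DPT=111 WINDOW=7182 RES=0x00 SYN URGP=0
Dec 29 21:29:18 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=195.1.220.107 DST=255.255.255.255 LEN=40 TOS=0x00 PREC=0x00 TTL=104 ID=53283 PROTO=TCP SPT=21 DPT=21 WINDOW=45683 RES=0x00 SYN URGP=0
"""

# syslog header: "Mon DD HH:MM:SS host kernel: <record>"
HEADER_RE = re.compile(r'^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+kernel:\s*(?P<rec>.*)$')
# either KEY=value, or a bare IP/TCP flag word emitted by the LOG target
TOKEN_RE = re.compile(r'(\w+)=(\S*)|\b(DF|MF|SYN|ACK|FIN|RST|PSH|URG)\b')
TCP_FLAGS = {'SYN', 'ACK', 'FIN', 'RST', 'PSH', 'URG'}
LIMITED_BROADCAST = '255.255.255.255'


def parse_line(line):
    """Turn one netfilter LOG line into a dict of fields plus a 'flags' set.

    Returns None for lines that are not kernel log records.  The MAC= value is
    the raw Ethernet header: destination MAC, source MAC, EtherType (0800 = IPv4).
    """
    m = HEADER_RE.match(line)
    if not m:
        return None
    # Text before IN= is the --log-prefix given to the LOG target; the poster's
    # prefix is "audit" with no trailing space, hence "auditIN=eth1".
    prefix, _, body = m.group('rec').partition('IN=')
    fields = {'ts': m.group('ts'), 'host': m.group('host'),
              'prefix': prefix, 'flags': set()}
    for key, val, flag in TOKEN_RE.findall('IN=' + body):
        if flag:
            fields['flags'].add(flag)
        else:
            fields[key] = val
    octets = fields.get('MAC', '').split(':')
    if len(octets) == 14:
        fields['mac_dst'] = ':'.join(octets[:6])
        fields['mac_src'] = ':'.join(octets[6:12])
        fields['ethertype'] = ''.join(octets[12:])
    return fields


def summarize(log_text):
    """Group TCP records by SRC and keep the facts needed for triage."""
    by_src = defaultdict(lambda: {
        'count': 0, 'dports': set(), 'spt_eq_dpt': False,
        'all_limited_broadcast': True, 'syn_only': True, 'l2_src_macs': set()})
    for line in log_text.splitlines():
        p = parse_line(line)
        if not p or p.get('PROTO') != 'TCP':
            continue
        s = by_src[p['SRC']]
        s['count'] += 1
        s['dports'].add(int(p['DPT']))
        s['spt_eq_dpt'] |= p['SPT'] == p['DPT']
        s['all_limited_broadcast'] &= p['DST'] == LIMITED_BROADCAST
        s['syn_only'] &= (p['flags'] & TCP_FLAGS) == {'SYN'}
        s['l2_src_macs'].add(p.get('mac_src', '?'))
    return dict(by_src)


def triage_notes(summary, router_mac):
    """One plain-language line per source, derived only from the parsed fields."""
    notes = []
    for src, s in sorted(summary.items()):
        if s['l2_src_macs'] == {router_mac}:
            path = 'every frame has router %s as L2 source' % router_mac
        else:
            path = 'L2 source(s) %s' % ','.join(sorted(s['l2_src_macs']))
        notes.append('%s: %d TCP SYN%s to port(s) %s, dst limited broadcast=%s, %s%s' % (
            src, s['count'], '' if s['syn_only'] else '/other flags',
            ','.join(str(d) for d in sorted(s['dports'])),
            s['all_limited_broadcast'], path,
            ', sport==dport' if s['spt_eq_dpt'] else ''))
    return notes


if __name__ == '__main__':
    for note in triage_notes(summarize(SAMPLE_LOG), '00:01:42:30:ab:80'):
        print(note)
```

Run as-is it prints one summary line per source; to use it on a live box, replace `SAMPLE_LOG` with the contents of the kernel log (e.g. `/var/log/messages` on a 2002-era system) filtered to lines containing `IN=`. The layer-2 source MAC is the field that answers the poster's question: a frame whose source MAC is the router's interface entered the segment through the router, while a packet sent by an internal host would carry that host's MAC.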
Current thread:
- Packet interpretation Kishor Bhagwat (Jan 19)
- MySQL 2 XML Warrick FitzGerald (Jan 20)