Snort mailing list archives

RE: Re: Off topic: Thousands of traceroutes ?


From: "Tudor Panaitescu" <tpanaitescu () colorcon com>
Date: Mon, 13 May 2002 14:43:36 -0400



Not really. The source addresses are so many, some resolve, some not. Nothing
really interesting... Odd, isn't it?

Any other thoughts ? Anybody else with the same thing going ?

Thanks
Tudor








"Spitzer, Nathan" <Nathan.Spitzer () acs-inc com> on 05/13/2002 02:31:03 PM

To: Tudor Panaitescu/ColorconUS@ColorconUS
cc:
Subject: RE: [Snort-users] Re: Off topic: Thousands of traceroutes ?






If you do a whois on the src ip's, do they resolve to anything
"interesting"?

-----Original Message-----
From: Tudor Panaitescu [mailto:tpanaitescu () colorcon com]
Sent: Monday, May 13, 2002 2:19 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Re: Off topic: Thousands of traceroutes ?




Hello everyone,

Please see the packet dumps below. They are quite similar, the addresses
are different.

Any comments welcome.

Thanks, Tudor


[**] IDS115/scan_Traceroute UDP [**]
05/13-14:08:01.988823 xxx.xxx.xxx.xxx:46661 -> xxx.xxx.xxx.xxx:43921
UDP TTL:1 TOS:0x0 ID:64822 IpLen:20 DgmLen:92
Len: 72
0x0000: 00 30 85 87 53 7A 00 B0 64 2C 84 40 08 00 45 00  .0..Sz..d,.@..E.
0x0010: 00 5C FD 36 00 00 01 11 7A AE 41 D6 32 82 0C 20  .\.6....z.A.2..
0x0020: C1 34 B6 45 AB 91 00 48 77 D6 00 01 02 03 04 05  .4.E...Hw.......
0x0030: 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15  ................
0x0040: 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25  .......... !"#$%
0x0050: 26 27 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35  &'()*+,-./012345
0x0060: 36 37 38 39 3A 3B 3C 3D 3E 3F                    6789:;<=>?

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

[**] IDS115/scan_Traceroute UDP [**]
05/13-14:08:11.990777 xxx.xxx.xxx.xxx:46661 -> xxx.xxx.xxx.xxx:44268
UDP TTL:1 TOS:0x0 ID:319 IpLen:20 DgmLen:92
Len: 72
0x0000: 00 30 85 87 53 7A 00 B0 64 2C 84 40 08 00 45 00  .0..Sz..d,.@..E.
0x0010: 00 5C 01 3F 00 00 01 11 76 A6 41 D6 32 82 0C 20  .\.?....v.A.2..
0x0020: C1 34 B6 45 AC EC 00 48 76 7B 00 01 02 03 04 05  .4.E...Hv{......
0x0030: 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15  ................
0x0040: 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25  .......... !"#$%
0x0050: 26 27 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35  &'()*+,-./012345
0x0060: 36 37 38 39 3A 3B 3C 3D 3E 3F                    6789:;<=>?

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

05/13-14:12:11.214919 xxx.xxx.xxx.xxx:4761 -> xxx.xxx.xxx.xxx:38966
UDP TTL:1 TOS:0x0 ID:18075 IpLen:20 DgmLen:92
Len: 72
0x0000: 00 30 85 87 53 7A 00 B0 64 2C 84 40 08 00 45 00  .0..Sz..d,.@..E.
0x0010: 00 5C 46 9B 00 00 01 11 1D 5C 3E 04 4A 42 0C 20  .\F......\>.JB.
0x0020: C1 34 12 99 98 36 00 48 1A F0 00 01 02 03 04 05  .4...6.H........
0x0030: 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15  ................
0x0040: 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25  .......... !"#$%
0x0050: 26 27 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35  &'()*+,-./012345
0x0060: 36 37 38 39 3A 3B 3C 3D 3E 3F                    6789:;<=>?

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+





_______________________________________________________________

Have big pipes? SourceForge.net is looking for download mirrors. We supply
the hardware. You get the recognition. Email Us: bandwidth () sourceforge net
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
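
Added example (not part of the original messages and not Snort code): a small Python decoder for the hex-dump layout quoted in the alerts above, pulling out the fields that make the packets look like UDP traceroute probes. The sample frame, its documentation-range addresses and the helper names are constructed for illustration, and the port threshold in looks_like_traceroute is an assumption of this example.

```python
import re
import struct

# Constructed sample in the Snort dump layout quoted above; the addresses are
# documentation ranges (192.0.2.10 -> 198.51.100.20), not data from the thread.
SAMPLE_DUMP = """\
0x0000: 00 11 22 33 44 55 00 AA BB CC DD EE 08 00 45 00  ................
0x0010: 00 2C 12 34 00 00 01 11 00 00 C0 00 02 0A C6 33  ................
0x0020: 64 14 B6 45 82 9B 00 18 00 00 00 01 02 03 04 05  ................
0x0030: 06 07 08 09 0A 0B 0C 0D 0E 0F                    ..........
"""
HEX_LINE = re.compile(r"^0x[0-9A-Fa-f]{4}: ((?:[0-9A-Fa-f]{2} ){1,16})")

def dump_to_bytes(dump):
    """Rebuild the raw frame from 'offset: hex bytes  ascii' dump lines."""
    frame = bytearray()
    for line in dump.splitlines():
        m = HEX_LINE.match(line.strip() + " ")  # pad so a bare last byte matches
        if m:
            frame += bytes.fromhex(m.group(1))
    return bytes(frame)

def parse_probe(frame):
    """Decode Ethernet/IPv4/UDP; return None for anything else or truncated."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4              # IPv4 header length in bytes
    udp = 14 + ihl                            # offset of the UDP header
    if frame[23] != 17 or len(frame) < udp + 8:
        return None
    sport, dport, ulen = struct.unpack("!HHH", frame[udp:udp + 6])
    payload = frame[udp + 8:udp + ulen]
    return {
        "src": ".".join(map(str, frame[26:30])),
        "dst": ".".join(map(str, frame[30:34])),
        "ttl": frame[22], "sport": sport, "dport": dport,
        "payload_len": len(payload),
        # 00 01 02 ... filler, as in every dump quoted in the thread
        "counting_payload": len(payload) > 0
        and payload == bytes(i & 0xFF for i in range(len(payload))),
    }

def looks_like_traceroute(p):
    """Assumed heuristic for this example: TTL 1, high UDP port, counting filler."""
    return bool(p) and p["ttl"] == 1 and p["dport"] > 32768 and p["counting_payload"]

if __name__ == "__main__":
    probe = parse_probe(dump_to_bytes(SAMPLE_DUMP))
    print(probe, looks_like_traceroute(probe))
```

Grouping the decoded src, sport and dport values across many alerts shows whether the probes step through destination ports the way a single traceroute run does or arrive as unrelated one-off packets.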



