Snort mailing list archives
Re: Anybody been seeing this / What is it.
From: "David E. Gianndrea" <daveg () comsquared com>
Date: Thu, 27 Feb 2003 12:46:44 -0500
Wish I could, This was a one shot thing today. That is why I have had problems finding it on the inside machine. It must be on a users laptop that doesn't come into the office much, and it appears to only do it once. Kind of like a one shot ping. twig les wrote:
Could you capture more? Like a tcpdump -s 0 port 0? --- "David E. Gianndrea" <daveg () comsquared com> wrote:Does anybody know what may be causing such traffic. At one time I saw this kind of stuff coming from one of our internal windows machines. [**] BAD TRAFFIC udp port 0 traffic [**] 02/25-22:15:57.248993 200.140.22.177:3073 -> X.X.X.X:0 UDP TTL:112 TOS:0x0 ID:1441 IpLen:20 DgmLen:46 Len: 2608 13 4A 49 02 00 01 00 61 62 63 64 65 66 67 68 ..JI....abcdefgh69 6A ij=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+Thanks -- David Gianndrea Senior Network Engineer Comsquared Systems, Inc. Web: www.comsquared.com Email: dgianndrea () comsquared com ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users===== -----------------------------------------------------------Know yourself and know your enemy and you will never fear defeat. -----------------------------------------------------------__________________________________________________ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/
-- David Gianndrea Senior Network Engineer Comsquared Systems, Inc. Web: www.comsquared.com Email: dgianndrea () comsquared com ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Anybody been seeing this / What is it. David E. Gianndrea (Feb 27)
- Re: Anybody been seeing this / What is it. twig les (Feb 27)
- Re: Anybody been seeing this / What is it. David E. Gianndrea (Feb 27)
- Re: Anybody been seeing this / What is it. twig les (Feb 27)