Snort mailing list archives
FPs for COMMUNITY MISC Q.931 Invalid Call Reference Length Buffer Overflow, Sig ID, 100000892
From: Russell Fulton <r.fulton () auckland ac nz>
Date: Fri, 17 Nov 2006 17:12:03 +1300
I'm seeing several thousand hits a day on this mostly from a single pair of addresses. Russell.
META -------- SID CID TimeStamp Signature 6 1228538 2006-11-17 10:18:14 COMMUNITY MISC Q.931 Invalid Call Reference Length Buffer Overflow Sig ID 100000892 Sensor Hostname Sensor Interface monitor-dmzo.isec.auckland.ac.nz new dmz sensor IP -------- Source Address Dest Address Ver Hdr Len 130.216.59.17 74.112.73.90 4 5 TOS length ID flags offset TTL chksum 0 880 7034 2 0 126 35930 Resolved Source c.liang.glg.auckland.ac.nz Resolved Dest Could Not Resolve TCP -------- Source Port Dest Port Seq Ack 2569 1720 129613138 3274426388 Offset Reserved Flags Window Checksum Urgent Ptr 5 0 24 65535 9277 0 Options -------- None Flags -------- RB 1 RB 0 URG ACK PSH RST SYN FIN X X DATA -------- 08B4407CA02BFB9E1B01 ..@|.+.... 764CB68DA53416D0AF5C vL...4...\ 2F5A66047E7432819AA5 /Zf.~t2... 242838D1293BE5C2BB08 $(8.);.... 9150CC4B0908C80D4F7D .P.K....O} E41999BACC3069845326 .....0i.S& 4C254C83FD5A008E8788 L%L..Z.... B25C21E562D50E5979C9 .\!.b..Yy. DD9832020156C410F798 ..2..V.... 49543431495D16506451 IT41I].PdQ 520A2E93D16B70A8D6B2 R....kp... 2828AA910160B56A26B9 ((...`.j&. 348CF44A468A08EA0D68 4..JF....h ECB92C4AFAEB927F1C64 ..,J.....d 305E5CACD08A1196D93D 0^\......= FFA88C67E283307E1F72 ...g..0~.r A7E0DAE086222D43EDBE ....."-C.. B8A9AAAB877398E9EFF4 .....s.... 5CDDE13D10BA9E046607 \..=....f. A932A024D9C05FC9C211 .2.$.._... 3B4D0DE54CCB79FBEEFD ;M..L.y... B5B6EB2A57A28211116F ...*W....o 64F31ABDE53631343144 d....6141D AADE92A15F1D35DAA2BD ...._.5... D1E3AD2FC0870408235E .../....#^ 97047106948F95F8CDD0 ..q....... 4FE617E7F3623070C661 O....b0p.a 13C22225FF45DF9F2378 .."%.E..#x A3322917548DA8446628 .2).T..Df( 4CFE506B5AE64C9988CF L.PkZ.L... B69A92E700A201693BD4 .......i;. CF0C20D24ED44AB9AEFF .. .N.J... 784129020B20A2911177 xA).. ...w 7F67B95111119BF27A68 .g.Q....zh 7D0A6B2325C2DF2BF7CA }.k#%..+.. A0416D1FEB31A1914548 .Am..1..EH A8BA1C64C2514C229406 ...d.QL".. 03B9DF9777E44444456F ....w.DDEo FEABBF52405628969A27 ...R@V(..' 9F4834C27844734FEAC8 .H4.xDsO.. 1583CAD6AE4005016316 .....@..c. 1001BF6D867FD1E23E98 ...m....>. 8208208A28A282082213 .. .(...". 57EC98B55AFBA3D5ECF9 W...Z..... 7B0F9610B8542670E623 {....T&p.# 5525D6174E256B096702 U%..N%k.g. 414104A2A34100AA8E67 AA...A...g B5AD4A2C96F7658B507F ..J,..e.P. C80BBF93D4B7F71B80A8 .......... 4E393CAFB0586302FAEB N9<..Xc... C8D514BE1BAB0A056A9A ........j. F4522851D0B340CCEB15 .R(Q..@... 9CB2474FEC04882D9CB3 ..GO...-.. 4F69728949810414888B Oir.I..... DE99F72888CCDF5F5759 ...(..._WY 6863434FD1E61186C02E hcCO...... 15D798B911508A0367B8 .....P..g. 1CFAF3BB729001450422 ....r..E." 0ADEC9E5227D4FB6B885 ...."}O... 28C2512A41AA920F4424 (.Q*A...D$ 8BF7EF2BF4CCD6B25073 ...+....Ps 9AA64B9C191C94B10542 ..K......B 46480C04A286D9E2D23A FH.......: 7432B6C1061888AE3EF7 t2......>. A41712DA78B0E4F1E400 ....x..... A0001C26EC7ECA9E1684 ...&.~.... 2419562DD8A85BEA4D01 $.V-..[.M. 6BE2BEF70A60CE46BF6B k....`.F.k 70F750C255153390C312 p.P.U.3... E18D258C45F1F9F2761D ..%.E...v. DE4CE828A44059D23AC6 .L.(.@Y.:. CC7FE8D0A3D9F57F3200 ........2. 1EB57542A0225001E67D ..uB."P..} 9CBC9E9B7B6312C2F0CC ....{c.... 960A05A03534864C68DF ....54.Lh. 2AFA1DEDAE73A370AC56 *....s.p.V A6297AF366EC3DA4180C .)z.f.=... 221A67FF80001035386A ".g....58j 4CE50F2A327F9B9082F1 L..*2..... 5EFB055082D5F4B2EC11 ^..P...... BA25DBAC17D676D2016E .%....v..n F7C9A5BCD3FFE2379607 .......7.. B9F67A4A2F280A84082A ..zJ/(...* 04501B35F151A877226B .P.5.Q.w"k DATA -------- ..@|.+....vL...4...\/Zf.~t2...$(8.);.....P.K....O}.....0i.S& L%L..Z.....\!.b..Yy...2..V....IT41I].PdQR....kp...((...`.j&. 4..JF....h..,J.....d0^\......=...g..0~.r....."-C.......s.... \..=....f..2.$.._...;M..L.y......*W....od....6141D...._.5... .../....#^..q.......O....b0p.a.."%.E..#x.2).T..Df(L.PkZ.L... .......i;... .N.J...xA).. ...w.g.Q....zh}.k#%..+...Am..1..EH ...d.QL"......w.DDEo...R@V(..'.H4.xDsO.......@..c....m....>. .. .(...".W...Z.....{....T&p.#U%..N%k.g.AA...A...g..J,..e.P. ..........N9<..Xc...........j..R(Q.. () GO - Oir.I..... ...(..._WYhcCO...........P..g.....r..E."...."}O...(.Q*A...D$ ...+....Ps..K......BFH.......:t2......>.....x........&.~.... $.V-..[.M.k....`.F.kp.P.U.3.....%.E...v..L.(.@Y.:.........2. ..uB."P..}....{c........54.Lh.*....s.p.V.)z.f.=...".g....58j L..*2.....^..P.......%....v..n.......7....zJ/(...*.P.5.Q.w"k
------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- FPs for COMMUNITY MISC Q.931 Invalid Call Reference Length Buffer Overflow, Sig ID, 100000892 Russell Fulton (Nov 16)