Snort mailing list archives
not your typical : BAD-TRAFFIC tcp port 0 traffic portscanning?
From: "Michael Scheidell" <scheidell () secnap net>
Date: Fri, 25 May 2007 08:15:47 -0400
Anyone else getting this? Same 'destination' IP 121.35.241.129. Several 'destination' ports: 8000, 80, 53. I have seen this at several clients' sites (same 'destination') but different 'source' (client is always source).

Any idea what they are doing? Trying to portscan? Looking for some vulnerability with 'dest port' 0?

05/25-09:22:49 TCP 121.35.241.129:8000 --> xxx.xxx.xxx.xxx :0
[1:524:8] BAD-TRAFFIC tcp port 0 traffic
[Classification: Misc activity] [Priority: 3]
------------------------------------------------------------------------------
#(2 - 738314) [2007-05-25 07:43:37] [snort/524] BAD-TRAFFIC tcp port 0 traffic
IPv4: 121.35.241.129 -> xxx.xxx.xxx.xxx
      hlen=5 TOS=0 dlen=40 ID=51608 flags=0 offset=0 TTL=238 chksum=35950
TCP:  port=80 -> dport: 0 flags=***A*R** seq=0
      ack=759384068 off=5 res=0 win=0 urp=0 chksum=50032
Payload: none
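An added example, not part of the original post or of Snort: a small triage script that parses one-line alerts in the layout quoted above and groups sid 524 hits by the endpoint using a real port, to check whether one host accounts for the alerts across several ports and sites. The sample lines are constructed; 192.0.2.10 and 198.51.100.20 are documentation addresses standing in for the redacted hosts, and the function name is hypothetical.

```python
import re
from collections import defaultdict

# One-line alert layout as quoted in the post:
# MM/DD-HH:MM:SS PROTO src:sport --> dst :dport [gid:sid:rev] message [Classification: ...]
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\s+(?P<proto>\w+)\s+"
    r"(?P<src>\S+?)\s*:(?P<sport>\d+)\s+-->\s+"
    r"(?P<dst>\S+?)\s*:(?P<dport>\d+)\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]"
)

# Constructed sample input; the first line follows the alert shown in the post.
SAMPLE = """\
05/25-09:22:49 TCP 121.35.241.129:8000 --> 192.0.2.10 :0 [1:524:8] BAD-TRAFFIC tcp port 0 traffic [Classification: Misc activity] [Priority: 3]
05/25-09:23:02 TCP 121.35.241.129:80 --> 192.0.2.10 :0 [1:524:8] BAD-TRAFFIC tcp port 0 traffic [Classification: Misc activity] [Priority: 3]
05/25-09:25:40 TCP 121.35.241.129:53 --> 198.51.100.20 :0 [1:524:8] BAD-TRAFFIC tcp port 0 traffic [Classification: Misc activity] [Priority: 3]
05/25-09:26:11 TCP 203.0.113.7:51000 --> 192.0.2.10:22 [1:1000001:1] constructed unrelated alert [Classification: Misc activity] [Priority: 3]
"""


def summarize_port0(lines, sid=524):
    """Group port-0 alerts for one sid by the endpoint that uses a real port."""
    seen = defaultdict(lambda: {"alerts": 0, "ports": set(), "peers": set()})
    for line in lines:
        m = ALERT_RE.match(line.strip())
        if m is None or int(m["sid"]) != sid:
            continue  # not in this layout, or a different rule
        if m["dport"] == "0":
            host, port, peer = m["src"], m["sport"], m["dst"]
        elif m["sport"] == "0":
            host, port, peer = m["dst"], m["dport"], m["src"]
        else:
            continue  # neither side uses port 0: nothing to summarize
        entry = seen[host]
        entry["alerts"] += 1
        entry["ports"].add(int(port))
        entry["peers"].add(peer)
    return {
        host: {"alerts": e["alerts"], "ports": sorted(e["ports"]), "peers": sorted(e["peers"])}
        for host, e in seen.items()
    }


if __name__ == "__main__":
    for host, info in summarize_port0(SAMPLE.splitlines()).items():
        print(host, info)
```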
Current thread:
- not your typical : BAD-TRAFFIC tcp port 0 traffic portscanning? Michael Scheidell (May 25)
- <Possible follow-ups>
- Re: not your typical : BAD-TRAFFIC tcp port 0 traffic portscanning? Richard Bejtlich (May 25)
- Re: not your typical : BAD-TRAFFIC tcp port 0 traffic portscanning? Michael Scheidell (May 25)