Snort mailing list archives

Cookie jacking 19177 question


From: "Lay, James" <james.lay () wincofoods com>
Date: Fri, 29 Jul 2011 11:31:06 -0600

Topic says it... this doesn't seem to be a real cookiejacking attempt, no?

James

#(2 - 1172) [2011-07-29 11:18:24]
[url/www.swisscyberstorm.com/speakers/valotta-slides] [local rules dir:
sid:19177;][snort/1-19177]  WEB-MISC cookiejacking attempt
IPv4: 208.80.152.3 -> 70.103.190.98
      hlen=5 TOS=0 dlen=800 ID=46492 flags=0 offset=0 TTL=50 chksum=8990
TCP:  port=80 -> dport: 25166  flags=***AP*** seq=2147483647
      ack=167117666 off=5 res=0 win=9648 urp=0 chksum=428
Payload:  length = 760

000 : 54 B2 0B 12 12 0A 0E E4 AA 0C 06 2D 4F F5 9F FF   T..........-O...
010 : 68 62 15 1D 0D 81 81 DA EE E0 C4 89 D0 BB B7 56   hb.............V
020 : 2C 9A BD DA 5D 10 8A 1A 83 5D DD 2D 2E 08 B7 90   ,...]....].-....
030 : 99 09 97 2E 69 67 03 D7 AF D7 AE E8 7A E1 05 ED   ....ig......z...
040 : 32 D4 0A 15 B4 30 51 10 C4 61 09 0E 81 AB AB E6   2....0Q..a......
050 : A2 4C 26 2D E1 6E B1 40 A9 52 E0 E1 21 E1 A0 20   .L&-.n.@.R..!.. 
060 : 82 25 38 30 A5 4A DD 4C C0 0B 82 84 84 82 43 A3   .%80.J.L......C.
070 : 46 89 E4 AB 04 71 58 82 E3 AF 6C 22 54 82 03 20   F....qX...l"T.. 
080 : 65 0D 82 20 88 60 09 82 20 88 60 09 82 20 82 25   e.. .`.. .`.. .%
090 : 08 82 20 82 25 08 82 50 48 FC 7F B4 EE E7 B1 A1   .. .%..PH......
0a0 : 90 26 E7 00 00 00 5A 74 45 58 74 63 6F 6D 6D 65   .&....ZtEXtcomme
0b0 : 6E 74 00 46 69 6C 65 20 73 6F 75 72 63 65 3A 20   nt.File source: 
0c0 : 68 74 74 70 3A 2F 2F 63 6F 6D 6D 6F 6E 73 2E 77   http://commons.w
0d0 : 69 6B 69 6D 65 64 69 61 2E 6F 72 67 2F 77 69 6B   ikimedia.org/wik
0e0 : 69 2F 46 69 6C 65 3A 47 65 6F 6D 65 74 72 69 63   i/File:Geometric
0f0 : 44 69 73 74 61 6E 63 65 54 6F 48 6F 72 69 7A 6F   DistanceToHorizo
100 : 6E 2E 70 6E 67 D6 66 64 F4 00 00 00 25 74 45 58   n.png.fd....%tEX
110 : 74 64 61 74 65 3A 63 72 65 61 74 65 00 32 30 31   tdate:create.201
120 : 31 2D 30 34 2D 31 39 54 30 39 3A 32 30 3A 30 35   1-04-19T09:20:05
130 : 2B 30 30 3A 30 30 53 25 6F FE 00 00 00 25 74 45   +00:00S%o....%tE
140 : 58 74 64 61 74 65 3A 6D 6F 64 69 66 79 00 32 30   Xtdate:modify.20
150 : 31 31 2D 30 34 2D 31 39 54 30 39 3A 32 30 3A 30   11-04-19T09:20:0
160 : 35 2B 30 30 3A 30 30 22 78 D7 42 00 00 00 45 74   5+00:00"x.B...Et
170 : 45 58 74 73 6F 66 74 77 61 72 65 00 49 6D 61 67   EXtsoftware.Imag
180 : 65 4D 61 67 69 63 6B 20 36 2E 36 2E 32 2D 36 20   eMagick 6.6.2-6 
190 : 32 30 31 30 2D 31 30 2D 32 33 20 51 38 20 68 74   2010-10-23 Q8 ht
1a0 : 74 70 3A 2F 2F 77 77 77 2E 69 6D 61 67 65 6D 61   tp://www.imagema
1b0 : 67 69 63 6B 2E 6F 72 67 07 E4 10 CF 00 00 00 18   gick.org........
1c0 : 74 45 58 74 54 68 75 6D 62 3A 3A 44 6F 63 75 6D   tEXtThumb::Docum
1d0 : 65 6E 74 3A 3A 50 61 67 65 73 00 31 A7 FF BB 2F   ent::Pages.1.../
1e0 : 00 00 00 18 74 45 58 74 54 68 75 6D 62 3A 3A 49   ....tEXtThumb::I
1f0 : 6D 61 67 65 3A 3A 68 65 69 67 68 74 00 35 35 38   mage::height.558
200 : 44 69 7C 4B 00 00 00 17 74 45 58 74 54 68 75 6D   Di|K....tEXtThum
210 : 62 3A 3A 49 6D 61 67 65 3A 3A 57 69 64 74 68 00   b::Image::Width.
220 : 38 30 30 E3 B1 C0 E2 00 00 00 19 74 45 58 74 54   800........tEXtT
230 : 68 75 6D 62 3A 3A 4D 69 6D 65 74 79 70 65 00 69   humb::Mimetype.i
240 : 6D 61 67 65 2F 70 6E 67 3F B2 56 4E 00 00 00 17   mage/png?.VN....
250 : 74 45 58 74 54 68 75 6D 62 3A 3A 4D 54 69 6D 65   tEXtThumb::MTime
260 : 00 31 33 30 33 32 30 34 38 30 35 C5 A3 B3 DA 00   .1303204805.....
270 : 00 00 11 74 45 58 74 54 68 75 6D 62 3A 3A 53 69   ...tEXtThumb::Si
280 : 7A 65 00 34 39 36 4B 42 E3 6A D0 B5 00 00 00 54   ze.496KB.j.....T
290 : 74 45 58 74 54 68 75 6D 62 3A 3A 55 52 49 00 66   tEXtThumb::URI.f
2a0 : 69 6C 65 3A 2F 2F 2F 6D 6E 74 2F 75 70 6C 6F 61   ile:///mnt/uploa
2b0 : 64 36 2F 77 69 6B 69 70 65 64 69 61 2F 63 6F 6D   d6/wikipedia/com
2c0 : 6D 6F 6E 73 2F 32 2F 32 31 2F 47 65 6F 6D 65 74   mons/2/21/Geomet
2d0 : 72 69 63 44 69 73 74 61 6E 63 65 54 6F 48 6F 72   ricDistanceToHor
2e0 : 69 7A 6F 6E 2E 70 6E 67 87 C7 26 DF 00 00 00 00   izon.png..&.....
2f0 : 49 45 4E 44 AE 42 60 82                           IEND.B`.
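Triage helper for an alert like this one, added here as an example (it is not from the post or the Snort project): it rebuilds raw bytes from Snort's hex-dump lines, resynchronises on the first plausible PNG chunk header (the capture starts mid-image), walks the chunks with a CRC check, and pulls out the tEXt metadata that tells you where the image came from. The embedded dump lines are copied from offsets 0a0-130 of the payload above; treating the payload as a PNG tail is an assumption based on the tEXt and IEND chunk types visible in the ASCII column.

```python
import re
import zlib

# Constructed sample: offsets 0a0-130 of the alert's "Payload:" hex dump above.
SNORT_DUMP = """\
0a0 : 90 26 E7 00 00 00 5A 74 45 58 74 63 6F 6D 6D 65   .&....ZtEXtcomme
0b0 : 6E 74 00 46 69 6C 65 20 73 6F 75 72 63 65 3A 20   nt.File source: 
0c0 : 68 74 74 70 3A 2F 2F 63 6F 6D 6D 6F 6E 73 2E 77   http://commons.w
0d0 : 69 6B 69 6D 65 64 69 61 2E 6F 72 67 2F 77 69 6B   ikimedia.org/wik
0e0 : 69 2F 46 69 6C 65 3A 47 65 6F 6D 65 74 72 69 63   i/File:Geometric
0f0 : 44 69 73 74 61 6E 63 65 54 6F 48 6F 72 69 7A 6F   DistanceToHorizo
100 : 6E 2E 70 6E 67 D6 66 64 F4 00 00 00 25 74 45 58   n.png.fd....%tEX
110 : 74 64 61 74 65 3A 63 72 65 61 74 65 00 32 30 31   tdate:create.201
120 : 31 2D 30 34 2D 31 39 54 30 39 3A 32 30 3A 30 35   1-04-19T09:20:05
130 : 2B 30 30 3A 30 30 53 25 6F FE 00 00 00 25 74 45   +00:00S%o....%tE
"""

def parse_snort_dump(dump: str) -> bytes:
    """Rebuild raw bytes from Snort's 'OFF : XX XX ...   ascii' payload lines."""
    hexes = re.findall(r"^[0-9a-fA-F]+ : ((?:[0-9A-Fa-f]{2} ){1,16})", dump, re.M)
    return bytes.fromhex("".join(hexes))

def find_chunk_start(data: bytes) -> int:
    """Resync on a mid-stream capture: first offset with a fitting length + alpha type."""
    for i in range(len(data) - 12):
        length = int.from_bytes(data[i:i + 4], "big")
        if data[i + 4:i + 8].isalpha() and i + 12 + length <= len(data):
            return i
    return -1

def walk_chunks(data: bytes):
    """Yield (type, body, crc_ok) per complete PNG chunk; stop at truncation."""
    pos = find_chunk_start(data)
    while pos >= 0 and pos + 12 <= len(data):
        length = int.from_bytes(data[pos:pos + 4], "big")
        ctype, body = data[pos + 4:pos + 8], data[pos + 8:pos + 8 + length]
        crc = data[pos + 8 + length:pos + 12 + length]
        if len(crc) < 4:  # chunk runs past the captured payload
            break
        crc_ok = zlib.crc32(ctype + body) == int.from_bytes(crc, "big")
        yield ctype.decode("ascii"), body, crc_ok
        pos += 12 + length

def text_chunks(data: bytes) -> dict:
    """keyword -> text for every tEXt chunk (Latin-1, NUL-separated)."""
    return {k.decode("latin-1"): v.decode("latin-1")
            for t, body, _ in walk_chunks(data) if t == "tEXt"
            for k, _, v in [body.partition(b"\x00")]}
```

Run over the full dump, the same functions also reach the IEND chunk at offset 2f0, which is what a "cookiejacking attempt" from a Wikimedia image server would have to explain away.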


