
List:       intrusions
Subject:    Followup + full packet dump: Odd TCP and UDP port 1167 attempts
From:       Joseph <sgtphou () fire-eyes ! dynup ! net>
Date:       2002-12-25 11:50:18

I've caught more of these attempts, this time with full-packet dumps (not just 
the tcpdump default capture length):

06:43:51.557502 66.64.7.105.1214 > d163.as0.sfld.mi.voyager.net.1167: [bad udp cksum 3d7!] udp 1313 (frag 35983:552@0+) (ttl 48, len 572)
0x0000   4500 023c 8c8f 2000 3011 6113 4240 0769        E..<....0.a.B@.i
0x0010   d85d 5908 04be 048f 0529 d747 c000 2116        .]Y......).G..!.
0x0020   befd 0020 6cd1 a82f f391 dfec cd6a b61b        ....l../.....j..
0x0030   771e 2302 1f02 48a0 43cf 21e0 24e9 dec4        w.#...H.C.!.$...
0x0040   17f0 abc3 b6c4 bf16 5743 8c0a b9e6 e4ce        ........WC......
0x0050   df64 54dd 362f 0635 96b7 89be 8177 ec91        .dT.6/.5.....w..
0x0060   009b b6e6 3439 c423 6f91 2840 0162 d0f2        ....49.#o.(@.b..
0x0070   a73d ea5c 3528 27dd 77c3 1ee9 2d56 c183        .=.\5('.w...-V..
0x0080   2e2c 5aa7 d638 e5e7 9df4 55b9 ca05 be20        .,Z..8....U.....
0x0090   f3f2 7ac7 590a ead7 3115 7eaa 748f cba6        ..z.Y...1.~.t...
0x00a0   94f1 02ed 71e0 7e30 7cf3 ee5a 139e 2731        ....q.~0|..Z..'1
0x00b0   99de c1a1 24b6 3ed8 763b 7ff7 f06c 5adf        ....$.>.v;...lZ.
0x00c0   5647 51d2 a1f1 034b eaea fe1f cfd0 aff5        VGQ....K........
0x00d0   1223 5d41 2667 e14d 0dd6 d7f6 284e 5b9a        .#]A&g.M....(N[.
0x00e0   269f d7f3 0ed3 be41 ef20 d19f c052 3e62        &......A.....R>b
0x00f0   9703 1fee cb5c c3ec 7204 a6cd 84b5 3f38        .....\..r.....?8
0x0100   2ad6 5fab f7ad 4380 c16a dc76 fdf7 17dc        *._...C..j.v....
0x0110   aa52 4edb 9521 d9b1 32bc d95c 7167 5421        .RN..!..2..\qgT!
0x0120   6b95 3394 1267 1355 20ac 960d 0a9f 5496        k.3..g.U......T.
0x0130   4c36 4be9 900e 416e d92a 42bd 9d67 ca4b        L6K...An.*B..g.K
0x0140   f4fe fc1e 160c 7b97 54d5 f61e e1a3 2adb        ......{.T.....*.
0x0150   c0e5 66a6 32bb 876c 33a7 aea5 7776 995f        ..f.2..l3...wv._
0x0160   9fd6 11de 2997 9726 397a 550a 7c01 4265        ....)..&9zU.|.Be
0x0170   ae4c 8017 c8e4 ff63 3ddc 5da5 3657 75e8        .L.....c=.].6Wu.
0x0180   3d44 09ca ad9a c4c7 47e0 55e1 ff7c e219        =D......G.U..|..
0x0190   a97a 77dc 221c d7bd 8f80 90b2 5f83 b5ff        .zw."......._...
0x01a0   7824 a92d 6fa9 3a8e 5f5f 3cc7 b3a8 787d        x$.-o.:.__<...x}
0x01b0   1443 0da0 f305 d3bb 222a 3a87 81a1 e44c        .C......"*:....L
0x01c0   7fd3 7048 b928 5a51 ecec 45ef b66f d3d7        ..pH.(ZQ..E..o..
0x01d0   36d0 a992 1c87 548e e550 b9a3 6848 92ef        6.....T..P..hH..
0x01e0   7e72 8759 5dea cff1 9679 eb56 5578 6120        ~r.Y]....y.VUxa.
0x01f0   de31 0caa b13f 0d4c cd52 2511 6d90 8b5d        .1...?.L.R%.m..]
0x0200   dbe6 85bc 3320 2c67 beae e0cd 870d 8f68        ....3.,g.......h
0x0210   97eb d09b f5f4 2979 6448 4605 3861 bb4c        ......)ydHF.8a.L
0x0220   1547 4b73 b02a 76b3 4785 8686 5561 fc61        .GKs.*v.G...Ua.a
0x0230   cda4 a581 6bc3 fa12 1beb 576f                  ....k.....Wo
06:43:51.747496 66.64.7.105.3930 > d163.as0.sfld.mi.voyager.net.1167: S [tcp sum ok] 33334803:33334803(0) win 60352 <mss 1460,nop,wscale 2,nop,nop,sackOK> (DF) (ttl 48, id 35984, len 52)
0x0000   4500 0034 8c90 4000 3006 4325 4240 0769        E..4..@.0.C%B@.i
0x0010   d85d 5908 0f5a 048f 01fc a613 0000 0000        .]Y..Z..........
0x0020   8002 ebc0 4c4e 0000 0204 05b4 0103 0302        ....LN..........
0x0030   0101 0402                                      ....
06:43:52.617501 66.64.7.105.3930 > d163.as0.sfld.mi.voyager.net.1167: S [tcp sum ok] 33334803:33334803(0) win 60352 <mss 1460,nop,wscale 2,nop,nop,sackOK> (DF) (ttl 48, id 35986, len 52)
0x0000   4500 0034 8c92 4000 3006 4323 4240 0769        E..4..@.0.C#B@.i
0x0010   d85d 5908 0f5a 048f 01fc a613 0000 0000        .]Y..Z..........
0x0020   8002 ebc0 4c4e 0000 0204 05b4 0103 0302        ....LN..........
0x0030   0101 0402                                      ....
06:43:53.227490 66.64.7.105.3930 > d163.as0.sfld.mi.voyager.net.1167: S [tcp sum ok] 33334803:33334803(0) win 60352 <mss 1460,nop,wscale 2,nop,nop,sackOK> (DF) (ttl 48, id 35987, len 52)
0x0000   4500 0034 8c93 4000 3006 4322 4240 0769        E..4..@.0.C"B@.i
0x0010   d85d 5908 0f5a 048f 01fc a613 0000 0000        .]Y..Z..........
0x0020   8002 ebc0 4c4e 0000 0204 05b4 0103 0302        ....LN..........
0x0030   0101 0402                                      ....
06:43:54.657498 66.64.7.105.1214 > d163.as0.sfld.mi.voyager.net.1167: [bad udp cksum 3d7!] udp 1313 (frag 35988:552@0+) (ttl 48, len 572)
0x0000   4500 023c 8c94 2000 3011 610e 4240 0769        E..<....0.a.B@.i
0x0010   d85d 5908 04be 048f 0529 d747 c000 2116        .]Y......).G..!.
0x0020   befd 0020 6cd1 a82f f391 dfec cd6a b61b        ....l../.....j..
0x0030   771e 2302 1f02 48a0 43cf 21e0 24e9 dec4        w.#...H.C.!.$...
0x0040   17f0 abc3 b6c4 bf16 5743 8c0a b9e6 e4ce        ........WC......
0x0050   df64 54dd 362f 0635 96b7 89be 8177 ec91        .dT.6/.5.....w..
0x0060   009b b6e6 3439 c423 6f91 2840 0162 d0f2        ....49.#o.(@.b..
0x0070   a73d ea5c 3528 27dd 77c3 1ee9 2d56 c183        .=.\5('.w...-V..
0x0080   2e2c 5aa7 d638 e5e7 9df4 55b9 ca05 be20        .,Z..8....U.....
0x0090   f3f2 7ac7 590a ead7 3115 7eaa 748f cba6        ..z.Y...1.~.t...
0x00a0   94f1 02ed 71e0 7e30 7cf3 ee5a 139e 2731        ....q.~0|..Z..'1
0x00b0   99de c1a1 24b6 3ed8 763b 7ff7 f06c 5adf        ....$.>.v;...lZ.
0x00c0   5647 51d2 a1f1 034b eaea fe1f cfd0 aff5        VGQ....K........
0x00d0   1223 5d41 2667 e14d 0dd6 d7f6 284e 5b9a        .#]A&g.M....(N[.
0x00e0   269f d7f3 0ed3 be41 ef20 d19f c052 3e62        &......A.....R>b
0x00f0   9703 1fee cb5c c3ec 7204 a6cd 84b5 3f38        .....\..r.....?8
0x0100   2ad6 5fab f7ad 4380 c16a dc76 fdf7 17dc        *._...C..j.v....
0x0110   aa52 4edb 9521 d9b1 32bc d95c 7167 5421        .RN..!..2..\qgT!
0x0120   6b95 3394 1267 1355 20ac 960d 0a9f 5496        k.3..g.U......T.
0x0130   4c36 4be9 900e 416e d92a 42bd 9d67 ca4b        L6K...An.*B..g.K
0x0140   f4fe fc1e 160c 7b97 54d5 f61e e1a3 2adb        ......{.T.....*.
0x0150   c0e5 66a6 32bb 876c 33a7 aea5 7776 995f        ..f.2..l3...wv._
0x0160   9fd6 11de 2997 9726 397a 550a 7c01 4265        ....)..&9zU.|.Be
0x0170   ae4c 8017 c8e4 ff63 3ddc 5da5 3657 75e8        .L.....c=.].6Wu.
0x0180   3d44 09ca ad9a c4c7 47e0 55e1 ff7c e219        =D......G.U..|..
0x0190   a97a 77dc 221c d7bd 8f80 90b2 5f83 b5ff        .zw."......._...
0x01a0   7824 a92d 6fa9 3a8e 5f5f 3cc7 b3a8 787d        x$.-o.:.__<...x}
0x01b0   1443 0da0 f305 d3bb 222a 3a87 81a1 e44c        .C......"*:....L
0x01c0   7fd3 7048 b928 5a51 ecec 45ef b66f d3d7        ..pH.(ZQ..E..o..
0x01d0   36d0 a992 1c87 548e e550 b9a3 6848 92ef        6.....T..P..hH..
0x01e0   7e72 8759 5dea cff1 9679 eb56 5578 6120        ~r.Y]....y.VUxa.
0x01f0   de31 0caa b13f 0d4c cd52 2511 6d90 8b5d        .1...?.L.R%.m..]
0x0200   dbe6 85bc 3320 2c67 beae e0cd 870d 8f68        ....3.,g.......h
0x0210   97eb d09b f5f4 2979 6448 4605 3861 bb4c        ......)ydHF.8a.L
0x0220   1547 4b73 b02a 76b3 4785 8686 5561 fc61        .GKs.*v.G...Ua.a
0x0230   cda4 a581 6bc3 fa12 1beb 576f                  ....k.....Wo
06:43:57.697508 66.64.7.105.1214 > d163.as0.sfld.mi.voyager.net.1167: [bad udp cksum 3d7!] udp 1313 (frag 35989:552@0+) (ttl 48, len 572)
0x0000   4500 023c 8c95 2000 3011 610d 4240 0769        E..<....0.a.B@.i
0x0010   d85d 5908 04be 048f 0529 d747 c000 2116        .]Y......).G..!.
0x0020   befd 0020 6cd1 a82f f391 dfec cd6a b61b        ....l../.....j..
0x0030   771e 2302 1f02 48a0 43cf 21e0 24e9 dec4        w.#...H.C.!.$...
0x0040   17f0 abc3 b6c4 bf16 5743 8c0a b9e6 e4ce        ........WC......
0x0050   df64 54dd 362f 0635 96b7 89be 8177 ec91        .dT.6/.5.....w..
0x0060   009b b6e6 3439 c423 6f91 2840 0162 d0f2        ....49.#o.(@.b..
0x0070   a73d ea5c 3528 27dd 77c3 1ee9 2d56 c183        .=.\5('.w...-V..
0x0080   2e2c 5aa7 d638 e5e7 9df4 55b9 ca05 be20        .,Z..8....U.....
0x0090   f3f2 7ac7 590a ead7 3115 7eaa 748f cba6        ..z.Y...1.~.t...
0x00a0   94f1 02ed 71e0 7e30 7cf3 ee5a 139e 2731        ....q.~0|..Z..'1
0x00b0   99de c1a1 24b6 3ed8 763b 7ff7 f06c 5adf        ....$.>.v;...lZ.
0x00c0   5647 51d2 a1f1 034b eaea fe1f cfd0 aff5        VGQ....K........
0x00d0   1223 5d41 2667 e14d 0dd6 d7f6 284e 5b9a        .#]A&g.M....(N[.
0x00e0   269f d7f3 0ed3 be41 ef20 d19f c052 3e62        &......A.....R>b
0x00f0   9703 1fee cb5c c3ec 7204 a6cd 84b5 3f38        .....\..r.....?8
0x0100   2ad6 5fab f7ad 4380 c16a dc76 fdf7 17dc        *._...C..j.v....
0x0110   aa52 4edb 9521 d9b1 32bc d95c 7167 5421        .RN..!..2..\qgT!
0x0120   6b95 3394 1267 1355 20ac 960d 0a9f 5496        k.3..g.U......T.
0x0130   4c36 4be9 900e 416e d92a 42bd 9d67 ca4b        L6K...An.*B..g.K
0x0140   f4fe fc1e 160c 7b97 54d5 f61e e1a3 2adb        ......{.T.....*.
0x0150   c0e5 66a6 32bb 876c 33a7 aea5 7776 995f        ..f.2..l3...wv._
0x0160   9fd6 11de 2997 9726 397a 550a 7c01 4265        ....)..&9zU.|.Be
0x0170   ae4c 8017 c8e4 ff63 3ddc 5da5 3657 75e8        .L.....c=.].6Wu.
0x0180   3d44 09ca ad9a c4c7 47e0 55e1 ff7c e219        =D......G.U..|..
0x0190   a97a 77dc 221c d7bd 8f80 90b2 5f83 b5ff        .zw."......._...
0x01a0   7824 a92d 6fa9 3a8e 5f5f 3cc7 b3a8 787d        x$.-o.:.__<...x}
0x01b0   1443 0da0 f305 d3bb 222a 3a87 81a1 e44c        .C......"*:....L
0x01c0   7fd3 7048 b928 5a51 ecec 45ef b66f d3d7        ..pH.(ZQ..E..o..
0x01d0   36d0 a992 1c87 548e e550 b9a3 6848 92ef        6.....T..P..hH..
0x01e0   7e72 8759 5dea cff1 9679 eb56 5578 6120        ~r.Y]....y.VUxa.
0x01f0   de31 0caa b13f 0d4c cd52 2511 6d90 8b5d        .1...?.L.R%.m..]
0x0200   dbe6 85bc 3320 2c67 beae e0cd 870d 8f68        ....3.,g.......h
0x0210   97eb d09b f5f4 2979 6448 4605 3861 bb4c        ......)ydHF.8a.L
0x0220   1547 4b73 b02a 76b3 4785 8686 5561 fc61        .GKs.*v.G...Ua.a
0x0230   cda4 a581 6bc3 fa12 1beb 576f                  ....k.....Wo


