[Intrusions] Burst of traffic, anyone know what this is?

jimmie mac jmac at securityninjamonkeys.com
Thu Jul 22 16:03:06 GMT 2004


We just had a burst of traffic over 100Mb/s come in our front
door.  Here is a capture in snort output:

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

07/22-11:00:43.946778 xxx.xxx.xxx.xxx:1413 -> xxx.xxx.xxx.xxx:11327
UDP TTL:115 TOS:0x0 ID:44533 IpLen:20 DgmLen:29
Len: 1
0x0000: 00 08 E2 87 29 BC 00 07 0D 1E 37 FC 08 00 45 00  ....).....7...E.
0x0010: 00 1D AD F5 00 00 73 11 D7 BB 00 00 00 00 00 00  ......s.........
0x0020: 00 00 05 85 2C 3F 00 09 DB F8 30 30 00 00 00 00  ....,?....00....
0x0030: 00 00 00 00 00 00 00 00 00 00 00 00              ............

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

It also came in like this:

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

07/22-11:00:44.759627 xxx.xxx.xxx.xxx:1358 -> xxx.xxx.xxx.xxx:24336
UDP TTL:114 TOS:0x0 ID:32871 IpLen:20 DgmLen:29
Len: 1
0x0000: 00 08 E2 87 29 BC 00 07 0D 1E 37 FC 08 00 45 00  ....).....7...E.
0x0010: 00 1D 80 67 00 00 72 11 FB CC 00 00 00 00 00 00  ...g..r.........
0x0020: 00 00 05 4E 5F 10 00 09 9E E1 30 30 00 00 00 00  ...N_.....00....
0x0030: 00 00 00 00 00 00 00 00 00 00 00 00              ............


Any idea what this is?

Jmac
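
Reading the two captures above field by field, as an added example that is not part of the original post: it decodes the Ethernet II, IPv4 and UDP headers from the hex columns and separates the UDP payload from the bytes that follow the IP datagram in the 60-byte frame. The function and variable names are illustrative; the address bytes are zero because they are zero in the posted dumps.

```python
import struct

# Hex columns of the two frames in the post (address bytes are zero in the dumps).
FRAMES_HEX = [
    """00 08 E2 87 29 BC 00 07 0D 1E 37 FC 08 00 45 00
       00 1D AD F5 00 00 73 11 D7 BB 00 00 00 00 00 00
       00 00 05 85 2C 3F 00 09 DB F8 30 30 00 00 00 00
       00 00 00 00 00 00 00 00 00 00 00 00""",
    """00 08 E2 87 29 BC 00 07 0D 1E 37 FC 08 00 45 00
       00 1D 80 67 00 00 72 11 FB CC 00 00 00 00 00 00
       00 00 05 4E 5F 10 00 09 9E E1 30 30 00 00 00 00
       00 00 00 00 00 00 00 00 00 00 00 00""",
]

def decode_udp_frame(hex_dump: str) -> dict:
    """Decode Ethernet II / IPv4 / UDP and split the payload from trailing bytes."""
    frame = bytes.fromhex("".join(hex_dump.split()))
    if len(frame) < 14 + 20 + 8:
        raise ValueError("too short for Ethernet + IPv4 + UDP headers")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    ver_ihl, _tos, total_len, ip_id, _frag, ttl, proto = struct.unpack_from(
        "!BBHHHBB", frame, 14)
    ihl = (ver_ihl & 0x0F) * 4            # IP header length in bytes
    udp_off = 14 + ihl                    # UDP header starts after the IP header
    if (ethertype != 0x0800 or ver_ihl >> 4 != 4 or ihl < 20
            or proto != 17 or udp_off + 8 > len(frame)):
        raise ValueError("not an IPv4/UDP frame")
    sport, dport, udp_len, _csum = struct.unpack_from("!HHHH", frame, udp_off)
    ip_end = 14 + total_len               # end of the datagram per the IP header
    if udp_len < 8 or udp_off + udp_len > ip_end or ip_end > len(frame):
        raise ValueError("length fields disagree with the captured bytes")
    return {
        "ttl": ttl, "ip_id": ip_id, "total_len": total_len,
        "sport": sport, "dport": dport, "udp_len": udp_len,
        # UDP length counts its own 8-byte header, so payload = udp_len - 8 bytes.
        "payload": frame[udp_off + 8:udp_off + udp_len],
        # Bytes past the IP total length are not part of the datagram.
        "trailer": frame[ip_end:],
    }

if __name__ == "__main__":
    for dump in FRAMES_HEX:
        f = decode_udp_frame(dump)
        print(f"{f['sport']} -> {f['dport']} ttl={f['ttl']} id={f['ip_id']} "
              f"payload={f['payload']!r} trailer[0]={f['trailer'][0]:#04x} "
              f"trailer_len={len(f['trailer'])}")
```

The decoded values match snort's summary lines (ports, TTL, ID, DgmLen 29, Len 1), and only the first of the two `30` bytes in each dump belongs to the UDP payload.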


