[Dshield] New signature?

Mark Martin wolf at bescape.com
Sat Aug 11 21:55:03 GMT 2001


I just noticed what looks like a network scan (my hosts were probed in a
very straight-forward incrementing order) with the following signature.  Is
this just someone cracking?

08/11-12:56:55.402215 0:50:BF:1A:E5:C3 -> 0:A0:C9:AC:C8:DC type:0x800
len:0x137
66.92.4.240:58000 -> 192.168.1.130:80 TCP TTL:113 TOS:0x0 ID:2821 IpLen:20
DgmLen:297 DF
***AP*** Seq: 0x8C7EC652  Ack: 0x6020FDB6  Win: 0x4470  TcpLen: 20
47 45 54 20 2F 78 2E 69 64 61 3F 41 41 41 41 41  GET /x.ida?AAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 3D 58 20 48 54 54 50 2F 31  AAAAAAA=X HTTP/1
2E 31 0A 48 6F 73 74 3A 20 65 65 79 65 0D 0A 0D  .1.Host: eeye...




More information about the list mailing list