[Dshield] Unusual snort traffic

Chan, Stephen (TIS, Singapore) stephen_chan at sg.ml.com
Fri Nov 9 10:24:47 GMT 2001


Hi, this traffic pattern has me stumped. The attached file is a snort log
collected over a couple of weeks. It's in CSV format so you can import into
Excel with no problems.

xx.yy.zz.64 is my host
209.221.176.6 is the strange box 

two things confound me: the broadcast 255.255.255.255 destination address
and the repeating sequence numbers.

Would appreciate any sort of insight into this.

Thanks

Stephen Chan


 <<traffic.csv>> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: traffic.csv
Type: application/octet-stream
Size: 13313 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/list/attachments/20011109/c6ee0fc8/traffic.obj


More information about the list mailing list