[Dshield] UDP:9200 probe "Print Lexmark"

John Sage jsage at finchhaven.com
Sat Mar 1 16:11:47 GMT 2003


Interesting...


ngrep_port:  port 9200, host 62.101.214.228 in snort-0301 at 0627.log
Generated 08:02:14 (TZ -08:00) 03/ 1/2003

input: snort-0301 at 0627.log
filter: ip and ( host 62.101.214.228 and  port 9200 )
#
U 2003/03/01 06:47:37.160066 62.101.214.228:13702 -> 12.82.129.100:9200
  50 72 69 6e 74 20 4c 65    78 6d 61 72 6b             Print Lexmark
exit


snort via ACID:
------------------------------------------------------------------------------
#(650 - 151) [2003-03-01 06:47:37]  UDP inbound to range 1025-60999
IPv4: 62.101.214.228 -> 12.82.129.100
      hlen=5 TOS=0 dlen=41 ID=23491 flags=0 offset=0 TTL=114 chksum=18945
UDP:  port=13702 -> dport: 9200 len=21
Payload:  length = 13

000 : 50 72 69 6E 74 20 4C 65 78 6D 61 72 6B            Print Lexmark
------------------------------------------------------------------------------


Formal port assignment:

wap-wsp         9200/tcp    WAP connectionless session service
wap-wsp         9200/udp    WAP connectionless session service


whois?

BW whois 2.9 by Bill Weinman (http://whois.bw.org/)
© 1999-2001 William E. Weinman 

% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html 

inetnum:      62.101.208.0 - 62.101.215.255
netname:      BLUECOM-ADSL-TRONDHEIM
descr:        BLUECOM-ADSL-TRONDHEIM
country:      NO
admin-c:      MK915-RIPE
tech-c:       BTaA1-RIPE
rev-srv:      thufir.bluecom.no
rev-srv:      gurney.bluecom.no
status:       ASSIGNED PA
notify:       hostmaster at bluecom.no
mnt-by:       BLUECOM-NO-MAINTAINER
changed:      mk-ripe at bluecom.no 20030218
source:       RIPE



- John
-- 
"Obviously, we do not want to leave zombies around."

    PGP key: http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint: C493 9F26 05A9 6497 9800  4EF6 5FC8 F23D 35A4 F705


