[DShield] 3127/tcp by Doomjuice (Kaspersky) - MyDoom takeover?

Doug White doug at clickdoug.com
Mon Feb 9 22:22:11 GMT 2004


That is a packet capture using PortPeeker.  Nothing was actually transferred,
just a number of attempts.  It appears it was trying to upload several files,
right?

I have SNORT on the machine, but have discontinued using it due to it being
somewhat of a resource hog, and I use this machine for development.  It is
double firewalled.

======================================
Stop spam on your domain, Anti-spam solutions
http://www.clickdoug.com/mailfilter.cfm
For hosting solutions http://www.clickdoug.com
======================================
Aspire to Inspire before you Retire or Expire!


----- Original Message ----- 
From: "Pete Cap" <peteoutside at yahoo.com>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Monday, February 09, 2004 3:15 PM
Subject: Re: [DShield] 3127/tcp by Doomjuice (Kaspersky) - MyDoom takeover?


: Doug,
:
: What sniffer is that from?
:
: I'm no expert but it looks like a pretty glossed-over abstraction...
: Any chance you could post the entire datagram (ie, the IP header and
everything)?  Like a tcpdump or snort capture?
:
: Offhand it looks like the transfer of a large quantity of data.
:
: I wonder if the honeynets are tracking this...?
:
: Will look into it at work...
:
: Regards,
: Pete
: Doug White <doug at clickdoug.com> wrote:
: Here is a capture on a 3127 probe.
: Apparently from a dynamic IP in Australia.
: Packets are varying lengths.
:
: Anyone know how to translate these, I would appreciate the information
:
:
:
: ======================================
: Stop spam on your domain, Anti-spam solutions
: http://www.clickdoug.com/mailfilter.cfm
: For hosting solutions http://www.clickdoug.com
: ======================================
: Aspire to Inspire before you Retire or Expire!
:
:
: ----- Original Message ----- 
: From: "Erik van Straten"
: To:
:
: Sent: Monday, February 09, 2004 12:46 PM
: Subject: [DShield] 3127/tcp by Doomjuice (Kaspersky) - MyDoom takeover?
:
:
: : List,
: :
: : I've observed a rapid increase in 3127/tcp scans from seemingly
: : random IP's. They're sequentially scanning our IP's, bottom-up.
: :
: : These seem to match Kasperky's Doomjuice (published ~ 2 hours ago):
: : http://www.viruslist.com/eng/alert.html?id=930701
: :
: : Details, incl. address generation algorithm:
: : http://www.viruslist.com/eng/viruslist.html?id=930677
: :
: : Supposedly it also causes a DDoS agains Microsoft.
: :
: : Note that this one seems to differ from Symantec's Deadhat:
: :
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.deadhat.html
: :
: : According to Symantec's description, Deadhat scans 3127/tcp, 3128/tcp
: : and 1080/tcp (I've seen one or two of those).
: :
: : Regards,
: : Erik van Straten
: :
: : _______________________________________________
: : list mailing list
: : list at dshield.org
: : To change your subscription options (or unsubscribe), see:
: http://www.dshield.org/mailman/listinfo/list
: :
: :
:
: TCP Connection Request
: --- 2/9/2004 13:36:12.860
:
: 203.91.78.176 : 3291 TCP Connected ID = 1
: --- 2/9/2004 13:36:12.860
: Status Code: 0 OK
:
: 203.91.78.176 : 3291 TCP Data In Length 5 bytes : MD5 =
DD24B5AE639F3E697F0CB15AEE609F7C
: --- 2/9/2004 13:36:12.860
: 0000 85 13 3C 9E A2 ..<..
:
:
: 203.91.78.176 : 3291 TCP Data In Length 1460 bytes : MD5 =
218D4518EDBB78D57B4FE75BAAEDE8B5
: --- 2/9/2004 13:36:13.531
: 0000 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 MZ..............
: 0010 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 ........ at .......
: 0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
: 0030 00 00 00 00 00 00 00 00 00 00 00 00 D0 00 00 00 ................
: 0040 0E 1F BA 0E 00 B4 09 CD 21 B8 01 4C CD 21 54 68 ........!..L.!Th
: 0050 69 73 20 70 72 6F 67 72 61 6D 20 63 61 6E 6E 6F is program canno
: 0060 74 20 62 65 20 72 75 6E 20 69 6E 20 44 4F 53 20 t be run in DOS
: 0070 6D 6F 64 65 2E 0D 0D 0A 24 00 00 00 00 00 00 00 mode....$.......
: 0080 B5 2E 24 6F F1 4F 4A 3C F1 4F 4A 3C F1 4F 4A 3C ..$o.OJ<.OJ<.OJ<
: 0090 0B 6B 0A 3C F3 4F 4A 3C 0B 6C 53 3C F8 4F 4A 3C .k.<.OJ<.lS<.OJ<
: 00A0 F1 4F 4B 3C DE 4F 4A 3C 0B 6B 56 3C F0 4F 4A 3C .OK<.OJ<.kV<.OJ<
: 00B0 0B 6B 77 3C F0 4F 4A 3C 52 69 63 68 F1 4F 4A 3C .kw<.OJ00C0 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 ................
: 00D0 50 45 00 00 4C 01 03 00 12 4A 16 40 00 00 00 00 PE..L....J. at ....
: 00E0 00 00 00 00 E0 00 0F 01 0B 01 07 00 00 90 00 00 ................
: 00F0 00 10 00 00 00 50 00 00 00 E7 00 00 00 60 00 00 .....P.......`..
: 0100 00 F0 00 00 00 00 40 00 00 10 00 00 00 02 00 00 ...... at .........
: 0110 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 ................
: 0120 00 00 01 00 00 10 00 00 00 00 00 00 02 00 00 00 ................
: 0130 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 ................
: 0140 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 ................
: 0150 00 F0 00 00 04 01 00 00 00 00 00 00 00 00 00 00 ................
: 0160 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
: 0170 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
: 0180 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
: 0190 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
: 01A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
: 01B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
: 01C0 00 00 00 00 00 00 00 00 55 50 58 30 00 00 00 00 ........UPX0....
: 01D0 00 50 00 00 00 10 00 00 00 00 00 00 00 04 00 00 .P..............
: 01E0 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 E0 ................
: 01F0 55 50 58 31 00 00 00 00 00 90 00 00 00 60 00 00 UPX1.........`..
: 0200 00 8A 00 00 00 04 00 00 00 00 00 00 00 00 00 00 ................
: 0210 00 00 00 00 40 00 00 E0 55 50 58 32 00 00 00 00 .... at ...UPX2....
: 0220 00 10 00 00 00 F0 00 00 00 02 00 00 00 8E 00 00 ................
: 0230 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 ............ at ...
: 0240 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
: 0250 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
: 0260 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
: 0270 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
: 0280 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
: 0290 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
: 02A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
: 02B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
: 02C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
: 02D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
: 02E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
: 02F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
: 0300 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
: 0310 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
: 0320 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
: 0330 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
: 0340 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
: 0350 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
: 0360 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
: 0370 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
: 0380 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
: 0390 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
: 03A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
: 03B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
: 03C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
: 03D0 00 00 00 00 00 00 00 00 00 00 00 31 2E 32 34 00 ...........1.24.
: 03E0 55 50 58 21 0C 09 02 09 F9 DE A8 6E B5 5C BA 83 UPX!.......n.\..
: 03F0 98 C3 00 00 FA 86 00 00 00 A8 00 00 26 05 00 36 ............&..6
: 0400 FF 1F 0A 92 00 42 5A 68 39 31 41 59 26 53 59 A0 .....BZh91AY&SY.
: 0410 14 2F 03 F2 FF DC 6A 00 C5 3F FF EF FF FE C3 14 ./....j..?......
: 0420 FF C0 00 08 40 FF F2 FF BB 40 7E C0 00 40 88 E0 .... at ....@~.. at ..
: 0430 8E BE FB DB EB AC 00 0E 80 1B 0D 0A 01 6D A8 02 .............m..
: 0440 FF FF FF FF 94 AD 0F 70 EF 37 86 F7 BD 56 5E EC .......p.7...V^.
: 0450 F5 06 1E E8 E7 58 EF 57 A3 DE FB BE F3 BC BE D8 .....X.W........
: 0460 D1 9B 03 3B FF FF FF FF BE E7 A7 B3 B7 3E DE E3 ...;.........>..
: 0470 7D DE B7 5E 57 4A 5C D9 7B 6B E7 DE 3C A3 CB 7D }..^WJ\.{k..<..}
: 0480 E0 FB 2C FB EB DD F7 76 FF FF FF FF BB 2D CC 7D ..,....v.....-.}
: 0490 75 D5 55 F6 D1 99 F6 1C AE 0C 50 15 40 DF 3D 1F u.U.......P. at .=.
: 04A0 3E 4E FB 8E B0 C9 AA 92 BE DB DE B1 BF FC FF FF >N..............
: 04B0 E4 0A 77 73 37 65 B5 37 8F 7B 2E CC C1 E9 CD 96 ..ws7e.7.{......
: 04C0 D4 75 8D 35 ED 85 83 61 16 A8 0F FF FF FF FF 6C .u.5...a.......l
: 04D0 3A D3 26 1E 7B EF 91 45 DE F4 C9 36 6D 4D B3 6A :.&.{..E...6mM.j
: 04E0 1B 66 9A EE C2 ED 7C 19 BB 6C 7D 9A A1 09 74 DF .f....|..l}...t.
: 04F0 FE FF FF D3 6C 6D DB 72 7D 7C DE E9 ED C1 EB 3D ....lm.r}|.....=
: 0500 E2 A2 B9 A6 46 6E F4 CF 6F 3A 93 1C 76 D7 7C FF ....Fn..o:..v.|.
: 0510 FF FF ED 8C 79 7D 97 FA 77 B6 FB EA F1 77 43 2B ....y}..w....wC+
: 0520 DF 36 FA F5 6A ED F7 71 7C 2C 7D DF 77 BD 0A FF .6..j..q|,}.w...
: 0530 FF FF FF DB 74 A9 39 69 D0 EE CB BD 33 95 E4 A3 ....t.9i....3...
: 0540 9F 7B DA CF 2C B6 C3 AE 6B 47 AE 7B DE F2 DA BD .{..,...kG.{....
: 0550 EE EC 36 FF FF FF DB EB 77 90 D5 EA D6 CE B7 B6 ..6.....w.......
: 0560 8F 28 A1 26 8D 90 F5 E9 C5 14 AF 6E B5 25 59 95 .(.&.......n.%Y.
: 0570 DB 75 57 FF BF FD FF B6 35 EE A4 CD C7 B0 AF 4D .uW.....5......M
: 0580 F0 69 77 B2 8D BB CD DB 21 F2 EF 62 F3 EE 5F 5B .iw.....!..b.._[
: 0590 B5 A3 D2 FF FF FF FF A8 F7 31 DB 67 D6 3B 2F 33 .........1.g.;/3
: 05A0 76 9D B2 2E 4D 4F 2A 42 50 82 00 02 00 09 A0 00 v...MO*BP.......
: 05B0 93 00 13 09 ....
:
:
: 203.91.78.176 : 3291 TCP Data In Length 1455 bytes : MD5 =
00251D6571DEBC5F5C9B33B3ACD1E3D7
: --- 2/9/2004 13:36:16.145
: 0000 A6 89 86 FF FF FF FF 81 34 D4 9F A9 8A 78 4C A1 ........4....xL.
: 0010 A6 9A 68 03 23 D4 00 34 D1 1A 00 41 04 4C 84 C2 ..h.#..4...A.L..
: 0020 35 32 9E 4C 4C 46 88 FF C3 C2 B7 D3 19 A0 F5 1E 52.LLF..........
: 0030 A6 81 1A C2 09 04 90 84 34 4D 1A FF FF ED FF 4C ........4M.....L
: 0040 83 10 89 E2 98 99 4F 09 B5 4F 52 28 C6 A6 4C 26 ......O..OR(..L&
: 0050 13 4C 4F 49 A1 90 01 A0 69 A6 86 ED FF FF FF 80 .LOI....i.......
: 0060 09 3D 52 92 24 D0 53 D5 3D A5 36 48 F5 3D 4D 0D .=R.$.S.=.6H.=M.
: 0070 A3 29 EA 64 1E 9A 80 34 34 F5 5D FF FF 3F 18 0A .).d...44.]..?..
: 0080 89 24 21 90 04 02 60 42 9E D0 89 B4 A6 7A A9 B6 .$!...`B.....z..
: 0090 64 43 21 81 09 FF FF FF FF A9 E4 C9 E8 13 14 CD dC!.............
: 00A0 46 9E 93 26 41 E9 19 A4 6D 40 89 22 04 01 00 4C F..&A...m at ."...L
: 00B0 43 20 86 11 89 3D 12 9F A6 7F FB FF 6F 2D C9 A6 C ...=.....o-..
: 00C0 A8 D8 53 D2 7A A3 CA 7A 99 0C 81 84 00 03 27 FE ..S.z..z......'.
: 00D0 5B 70 FD FF E9 FF F6 FF FF AF 09 FC 3F 8F A8 B1 [p..........?...
: 00E0 FB BF A7 F5 C9 0F DD 3F BE 3F B4 BB DB FB 0A A2 .......?.?......
: 00F0 A1 0A CD A1 04 FF FF 2F FC FF 75 7C 00 4B 04 0E ......./..u|.K..
: 0100 0E 88 FB 23 CD 0F 08 0A 1C C7 FF D4 AA 73 57 44 ...#.........sWD
: 0110 B2 B1 87 DF FE FF FF BC C4 08 FE 70 F2 C8 87 47 ...........p...G
: 0120 26 BE 1E C4 0D DF D1 BB 51 24 69 95 95 33 20 92 &.......Q$i..3 .
: 0130 A0 C8 9B FF FF FF FF 04 17 6B 15 29 FE CF 9E E4 .........k.)....
: 0140 B7 88 BE 10 44 FA CB CA AB C9 AB 48 AA 77 6D 05 ....D......H.wm.
: 0150 8B 41 A5 F1 4F E1 72 FF FF FF FF 97 3A 68 84 10 .A..O.r.....:h..
: 0160 91 01 BA 32 12 1C 7F D9 46 60 66 14 A2 11 6A 94 ...2...F`f...j.
: 0170 D5 10 D0 BD CE 61 2E 0D 38 25 22 FF FF FF FF 6B .....a..8%"....k
: 0180 D8 52 03 79 87 FB 49 56 33 08 23 F1 3D 00 8A 95 .R.y..IV3.#.=...
: 0190 54 80 D1 09 0A 24 43 DC 87 23 F3 DE BC F4 F2 FF T....$C..#......
: 01A0 FF FF FF 33 56 F1 AC 41 8D 89 26 16 4C 53 23 14 ...3V..A..&.LS#.
: 01B0 B0 1A 62 0C 62 D4 35 2D 34 0C 92 4D 92 62 88 A0 ..b.b.5-4..M.b..
: 01C0 CA A2 25 FF FF FF FF 64 D6 4D 8A D1 A2 8D 1A 2B ..%....d.M.....+
: 01D0 21 5A 48 32 50 50 46 66 A3 54 C4 B6 12 C5 25 68 !ZH2PPFf.T....%h
: 01E0 C8 6C 69 34 4A 52 9A FF C2 FF FF 43 51 B1 A4 35 .li4JR.....CQ..5
: 01F0 15 A2 B1 6C A6 65 8A 80 C9 01 49 A3 48 6F 98 CC ...l.e....I.Ho..
: 0200 92 C5 19 34 CD FF 7F E3 FF 95 2C 94 A1 28 58 1A ...4.....,..(X.
: 0210 63 64 D1 6D A7 8D 49 21 61 9A 8A 22 62 46 82 31 cd.m..I!a.."bF.1
: 0220 A6 49 51 FF FF FF C6 05 5B 10 28 65 22 C8 36 66 .IQ.....[.(e".6f
: 0230 57 55 D5 A9 53 58 AA 59 59 7E 4A E7 9D 5D 9B 0A WU..SX.YY~J..]..
: 0240 9A FF FF FF FF CD 44 49 42 FE 57 57 C5 BC 24 C1 ......DIB.WW..$.
: 0250 31 8C 63 07 8C 0F BC 35 59 FF 7E 36 79 80 E3 C9 1.c....5Y.~6y...
: 0260 CA 84 6B E9 5E FF FF FF FF D7 BF AD E5 79 81 5F ..k.^........y._
: 0270 33 79 30 97 38 F3 5D AD 11 A4 A5 18 03 4D 7F 4F 3y0.8.]......MO
: 0280 AA D7 2B F8 CD C1 18 59 18 FF FF FF FF 44 98 11 ..+....Y.....D..
: 0290 2D A7 C3 B8 35 96 48 88 4C 58 DA 55 95 58 98 CA -...5.H.LX.U.X..
: 02A0 34 26 5A 53 49 B1 AA 29 34 91 06 B4 A8 BF F1 FF 4&ZSI..)4.......
: 02B0 6F CA A4 DA CC AD 86 95 23 79 C5 74 6A 8A 85 A8 o.......#y.tj...
: 02C0 C8 7A 5B 18 23 54 91 FF FF FF FF B2 96 2A 36 64 .z[.#T.......*6d
: 02D0 85 50 C2 31 1B 18 01 58 A2 5C E1 24 44 08 69 1A .P.1...X.\.$D.i.
: 02E0 29 43 4C 1A 5A 2A 23 09 0C 69 4C FE FF FF FF D9 )CL.Z*#..iL.....
: 02F0 8C 98 6A 60 A6 8D 22 24 54 D9 A8 4B 11 9A 62 4C ..j`.."$T..K..bL
: 0300 D8 15 34 49 1A 4A 65 98 90 A3 44 58 82 4C FF FF ..4I.Je...DX.L..
: 0310 FF DF 3F 98 2C A5 31 81 99 B5 DD DB 65 86 8C 26 ..?.,.1.....e..&
: 0320 23 BA EA 4D 09 43 1A 52 B9 76 CC 48 9C ED 13 FF #..M.C.R.v.H....
: 0330 FF DB FF 4A CA 41 28 DA A3 46 0D A9 45 9E 98 0C ...J.A(..F..E...
: 0340 A5 90 B3 19 22 54 29 A9 A4 32 34 99 B4 95 32 FF ...."T)..24...2.
: 0350 FF FF FF C6 A4 A9 64 99 23 61 1B 16 69 35 49 46 ......d.#a..i5IF
: 0360 52 94 C6 99 F4 75 5C A8 35 92 D6 5B 4C B6 69 4D R....u\.5..[L.iM
: 0370 13 2C 6C 7F E1 FF B7 C5 B4 DB 16 83 6E 5B B3 23 .,l........n[.#
: 0380 65 2A 54 A6 2B 12 37 84 96 06 D5 26 DA FF FF 2F e*T.+.7....&.../
: 0390 FC 8B 48 91 A6 6A 68 3C B2 0D 15 64 21 4D 20 9B ..H..jh<...d!M .
: 03A0 0C DA 83 4B 6B 66 DB 4B 59 56 8D FF FF FF FF 6C ...Kkf.KYV.....l
: 03B0 84 50 88 33 EA 80 88 0B A2 08 04 80 0A B0 4D E6 .P.3..........M.
: 03C0 3F D4 4E D3 B1 BE 67 6D 29 13 74 85 06 AB 8E FC ?.N...gm).t.....
: 03D0 FF FF FF 11 47 19 1A 3A 7A 30 C1 3C 8D B8 B7 85 ....G..:z0.<....
: 03E0 18 D7 CF 83 1C FC 6B 0A 52 21 B8 36 C2 33 7A 54 ......k.R!.6.3zT
: 03F0 3B FF FF 5F 6A 85 59 F8 66 51 B4 63 50 4C 28 EB ;.._j.Y.fQ.cPL(.
: 0400 B9 94 1A 6E 91 B5 13 0C 75 D6 A5 FF FF FF FF 81 ...n....u.......
: 0410 5D 07 58 77 5C A0 DB EE 85 BD 7B 39 5E CB 9E 77 ].Xw\.....{9^..w
: 0420 65 F0 6E D2 1E 97 B5 E6 E9 89 0D CA C4 CD 34 FF e.n...........4.
: 0430 FF 85 FF 71 A8 D0 CC 8D 92 42 04 82 EF 1B 31 6E ...q.....B....1n
: 0440 DB 49 72 1F 9B B4 94 E5 50 DC 18 6E A0 F8 FF 6F .Ir.....P..n...o
: 0450 FD AC 89 7E B9 FD 4A D4 D3 B3 63 39 93 FD 08 D0 ...~..J...c9....
: 0460 1A 69 33 6D 87 D2 C1 92 FF FF FF 5F 43 5D DE A8 .i3m......._C]..
: 0470 B0 BB E9 68 5A DB 5C 51 6A CC 24 40 D8 2A 32 0D ...hZ.\Qj.$@.*2.
: 0480 1C 3C 6D D0 60 F2 6E E8 3A FF 7F 81 FF BA 57 AF .0490 9F AE F8 FA F3 63
41 BC 06 A1 3C 17 65 E8 4D D2 .....cA...<.e.M.
: 04A0 D1 D2 13 50 6F FF FF BF F5 28 D4 51 B6 C6 81 A7 ...Po....(.Q....
: 04B0 31 3D 57 62 C1 E1 84 AE 11 C6 38 CA 19 0A C3 07 1=Wb......8.....
: 04C0 07 5B 63 AD 7F E3 FF 63 74 91 B1 BC 2E D5 06 30 .[c...ct......0
: 04D0 AD 10 CA 43 36 A8 85 98 F5 B2 CE FF FF D6 FA 80 ...C6...........
: 04E0 EC 15 72 41 FC C5 3D 33 66 91 4C 90 91 ED 0B AB ..rA..=3f.L.....
: 04F0 50 D6 AD 1B 5B FF FF FF FF 62 D5 69 A7 9B 51 57 P...[....b.i..QW
: 0500 59 5A AC 8A DB 64 06 E1 21 18 D4 8F 21 58 B1 AB YZ...d..!...!X..
: 0510 22 D3 D0 9B 1E 43 56 37 21 FF FF BF FD 50 C4 C6 "....CV7!....P..
: 0520 98 C6 F2 4E 5C 02 21 3D 43 43 09 1C 65 B2 B4 DA ...N\.!=CC..e...
: 0530 D4 32 93 2D AD 9C AE E5 13 FF FF 17 FE 7B 33 4C .2.-.........{3L
: 0540 6C CE 72 BD 88 69 81 B2 BD 2D EC DC F3 BB 78 DB l.r..i...-....x.
: 0550 9E 37 AB D9 B5 93 6A FF FF BF F5 24 A0 19 1B 26 .7....j....$...&
: 0560 4F 93 59 E4 FB 9E DD B7 40 71 0D 13 29 63 1B 42 O.Y..... at q..)c.B
: 0570 41 D2 CD 87 F8 FF FF FF FF 6C 93 CC 3F B5 EA DC A........l..?...
: 0580 17 46 79 B9 F3 C6 66 46 C8 30 66 41 07 C0 58 31 .Fy...fF.0fA..X1
: 0590 86 93 A4 A7 75 4E D7 5C C9 FF FF FF 85 97 2D 29 ....uN.\......-)
: 05A0 4A 03 4B 4D 1E A1 D6 2C 66 42 26 A9 12 D9 81 J.KM...,fB&....
:
:
: 203.91.78.176 : 3291 TCP Data In Length 1460 bytes : MD5 =
D2C341B4D0F230574C06A4DB333F15F3
: --- 2/9/2004 13:36:22.304
: 0000 1A 23 01 C8 CB DE 4C 9C FA FF FF FF CF FB F5 7B .#....L........{
: 0010 35 E3 AB B9 DE BB CD EC C9 8A 36 0F 76 E6 18 6C 5.........6.v..l
: 0020 F5 D9 77 49 73 76 47 5D BA 8D 6F FC DF 6F 36 DD ..wIsvG]..o..o6.
: 0030 EE AF 4F 4B 7B 2F 48 93 66 53 E1 BA 2D 7A FF FF ..OK{/H.fS..-z..
: 0040 FF FF 48 31 EF DC CC 90 8D 2F 3D 76 DE 44 DF 67 ..H1...../=v.D.g
: 0050 B8 D0 22 49 09 44 57 8E 8F 4D EC F3 CE AE CC 99 .."I.DW..M......
: 0060 26 12 1B 7F FB F6 86 F1 AE 7E 3A 0D F2 77 B4 4E &.......~:..w.N
: 0070 F1 52 6A B9 B7 27 B8 77 E1 BF F1 FF 3A EE E8 07 .Rj..'.w....:...
: 0080 75 C2 B2 09 B4 62 4D 12 05 BC 62 A9 66 8D F0 EE u....bM...b.f...
: 0090 4D EA FF FF FF 7F C4 B7 37 AF A7 77 79 BA DD 1B M......7..wy...
: 00A0 4B 20 C8 28 9D 81 02 31 43 64 DB 89 39 23 43 92 K .(...1Cd..9#C.
: 00B0 95 76 2F 9F FE BF F4 FF BD 37 94 F8 AE BD F8 EB .v/......7......
: 00C0 A9 74 34 90 94 DE 97 4B 0E E3 77 1D 1B 97 42 F3 .t4....K..w...B.
: 00D0 DF 6F F0 FF DF EC 6E 24 62 6C 6B FE B6 31 8E F6 .o....n$blk..1..
: 00E0 45 5D 8D B3 9E D5 E8 78 E0 03 8D FF FF FF 0B B7 E].....x........
: 00F0 77 C1 D1 24 9B D4 94 97 3D 39 E1 06 49 14 36 51 w..$....=9..I.6Q
: 0100 94 62 C5 D6 F3 B5 CA F0 F8 FF FF FF 76 46 30 6C .b..........vF0l
: 0110 6C 2B 96 05 64 94 B1 B8 40 6C 83 19 F9 DF 1F 3C l+..d... at l.....<
: 0120 53 7A 97 6A F7 6B 14 5B 09 FF FF FF 17 0F 44 84 Sz.j.k.[......D.
: 0130 89 08 12 0E 68 01 BE CF E8 A9 5B A6 3F 3D 60 36 ....h.....[.?=`6
: 0140 62 C8 D4 56 21 28 46 16 0B FF FF FF 27 C7 CF 36 b..V!(F.....'..6
: 0150 BC EE BE 0A F3 7E AE EE F5 C7 79 D5 CB E8 EE F4 .....~....y.....
: 0160 AE 91 8E 6E 7B 96 FF FF FF FF EC E5 CD BA 5C B6 ...n{.........\.
: 0170 2E 6D D3 1C DA DC 77 58 B7 2D 1A 22 E5 5C 80 65 .m....wX.-.".\.e
: 0180 A0 A7 76 AB 96 22 90 0C 58 A5 FF FF FF FF CC CC ..v.."..X.......
: 0190 CA 12 7F C2 2D 17 B4 3F 54 2E 89 10 20 2C 7E CF ...-..?T... ,~.
: 01A0 B4 97 D1 A9 24 52 4A 7F C1 B6 6A 8F 5C 9E FF FF ....$RJ..j.\...
: 01B0 FF FF CD 25 58 17 6F E2 AB 77 99 EF CD 92 EC 1E ...%X.o..w......
: 01C0 85 B0 E0 C3 69 0C D4 0C C5 17 F2 F5 9F 23 4B 18 ....i........#K.
: 01D0 3D E7 7F 89 6F FC 79 D2 09 BC 18 9B 76 3B 5C FD =..o.y.....v;\.
: 01E0 DF CA 19 AF F0 C5 2A CB ED FF FF FF 67 38 53 89 ......*.....g8S.
: 01F0 9A D5 0D 30 A7 64 1B 15 BD EB D2 D0 CD B1 EF CE ...0.d..........
: 0200 98 72 84 19 18 0C C9 E2 FF 02 FF D6 CC 44 05 FB .r...........D..
: 0210 3F 51 7B FB 62 83 60 D5 9F FA E1 7A 27 94 FF FF ?Q{.b.`....z'...
: 0220 FF FF FF CF 0B 06 35 F0 E7 D4 FE 4D 34 10 D9 C9 ......5....M4...
: 0230 DB 6B 6F 95 D7 2D 3C F0 2F D2 07 1B 1A 35 41 19 .ko..-<./....5A.
: 0240 D3 16 FF BF FD FF BB 3B 49 18 42 01 21 2D 45 29 .......;I.B.!-E)
: 0250 F4 23 00 C6 76 0E 19 91 BF A4 F4 DA C7 F7 05 74 .#..v..........t
: 0260 11 31 FF BF F1 FF 9D D1 A8 24 9C 4A 8A 20 DB CE .1.......$.J. ..
: 0270 76 FA 11 9B 67 DE 1F E6 9D B9 4F E9 FE 8B D8 D6 v...g.....O.....
: 0280 FF 2F F1 FF 0D 8D 8C 3B A7 8B E5 5F 37 B7 9E 59 ./.....;..._7..Y
: 0290 C6 D1 3B 6C 92 25 E7 CF DD 91 AA DE FF 05 FE FF ..;l.%..........
: 02A0 96 2F 4D E8 BC EB 70 9E 4E B7 2A 0D 78 D7 22 A5 ./M...p.N.*.x.".
: 02B0 F9 7E DE DB 6D B7 B7 B5 5F E0 BF F0 E4 39 C3 52 .~..m..._....9.R
: 02C0 83 9B 5C DB EF AD 78 B1 B1 B1 B1 A2 30 89 FF FF ..\...x.....0...
: 02D0 FF FF E1 0E 58 12 60 40 F5 1F 1F C2 48 D4 7E 54 ....X.`@....H.~T
: 02E0 43 B9 14 2C 03 E4 F2 C3 AF 8A 0C 45 FF AE 2E 7C C..,.......E...|
: 02F0 58 78 FF FF 02 FF F8 8F 88 E8 46 2C 45 D1 3B 63 Xx........F,E.;c
: 0300 24 65 10 40 4E 65 11 34 BE 89 48 22 BC 7D FF FF $e. at Ne.4..H".}..
: 0310 7F FB 8C 89 09 08 49 B5 E3 A3 08 48 60 5E 0D FD .....I....H`^..
: 0320 44 20 88 3E 6B 50 7F A6 76 54 1B D2 20 37 FF 0B D .>kP.vT.. 7..
: 0330 5F E0 A9 36 80 76 02 9C 2C 36 17 E7 84 87 2E 93 _..6.v..,6......
: 0340 10 8C B7 39 FF FF FF FF 85 8F ED C9 00 B1 84 CA ...9............
: 0350 57 33 36 61 E8 7C 86 DB 19 A0 42 6F 70 3B CD 8C W36a.|....Bop;..
: 0360 04 1F C9 4F 0B D8 BE 59 F0 FF FF FF 5B 6C ED 40 ...O...Y....[l.@
: 0370 CA EF FD 7F 8A 1E 16 79 7F 55 A8 2C B2 E9 09 FB ......yU.,....
: 0380 FC 7D FA 47 0B E8 EF C3 0B FD DB BF F3 F7 7F CB .}.G...........
: 0390 02 70 17 FC 05 B3 FA 4F 02 7A 8A EA 9B 6B FF 1B .p.....O.z...k..
: 03A0 FF FF F8 D6 6F 1C 0F 4D 4C 89 2B 5D 70 F1 57 03 ....o..ML.+]p.W.
: 03B0 01 D6 6E B8 C6 57 2F B3 4A FF 2D C8 FE FF FF FF ..n..W/.J.-.....
: 03C0 27 AF 5A 23 22 1A D4 0F 2A 89 EC 57 90 06 FB 66 '.Z#"...*..W...f
: 03D0 FA 3C DF AB CB 24 9F F1 E6 A1 24 E4 88 06 90 FF .<...$....$.....
: 03E0 FF FF 25 E1 56 B5 D0 47 DA A2 88 0C 84 8C 69 BB ..%.V..G......i.
: 03F0 5F 71 AB 95 BF 07 71 5B DB 35 CA FC 0B BF C5 FF _q....q[.5......
: 0400 66 9E 76 2D A8 EC 70 BE F0 10 8B 81 06 7C FF A7 f.v-..p......|..
: 0410 91 80 FF FF FF FF 36 6B 48 61 58 9C 24 19 15 90 ......6kHaX.$...
: 0420 29 90 CA 82 A5 DD 3D 17 3B 7F E4 DA BA 02 8A 25 ).....=.;.....%
: 0430 1C 07 1A 53 12 75 FF FF BF FD 31 13 FC E2 93 F7 ...S.u....1.....
: 0440 04 34 3C 96 F9 3B 4B FC BB F4 79 98 25 B7 57 34 .4<..;K...y.%.W4
: 0450 DD FF 30 AC 64 8C FF FF FF FF 8B 68 70 39 83 07 ..0.d......hp9..
:
: === message truncated ===_______________________________________________
: list mailing list
: list at dshield.org
: To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
:
:
: ---------------------------------
: Do you Yahoo!?
: Yahoo! Finance: Get your refund fast by filing online
: _______________________________________________
: list mailing list
: list at dshield.org
: To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
:
:




More information about the list mailing list