[Dshield] From 127.0.0.1:80

John Sage jsage at finchhaven.com
Tue Feb 17 06:57:57 GMT 2004


Here are several of these Blaster-caused oddities that snort saw on my
external interface, eth0:


=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
02/16-16:51:32.774534 127.0.0.1:80 -> 24.19.14x.xxx:1017 TCP TTL:122
TOS:0x0 ID:4246 IpLen:20 DgmLen:40 ***A*R** Seq: 0x0 Ack: 0x23320001
Win: 0x0 TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
02/16-20:54:48.054646 127.0.0.1:80 -> 24.19.14x.xxx:1403 TCP TTL:122
TOS:0x0 ID:5749 IpLen:20 DgmLen:40 ***A*R** Seq: 0x0 Ack: 0x72370001
Win: 0x0 TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+



- John
-- 
"Mad cow? You'd be mad too, if someone was trying to eat you."




More information about the list mailing list