Xbox: making up MAC 00:50:F2:* and IP address 0.0.0.1

Irwin Tillman irwin at princeton.edu
Tue Dec 4 23:02:03 GMT 2001


Examples of the xbox broadcast traffic (all presumably from a single box):

16:05:33.180672 0:50:f2:1c:e6:6b ff:ff:ff:ff:ff:ff 0800 366: 0.0.0.1.3074 > 255.255.255.255.3074:  [udp sum ok] udp 324 (ttl 64, id 38011, len 352)
16:05:35.167662 0:50:f2:16:85:64 ff:ff:ff:ff:ff:ff 0800 102: 0.0.0.1.3074 > 255.255.255.255.3074:  [udp sum ok] udp 60 (ttl 21, id 51668, len 88)
16:05:35.182813 0:50:f2:1c:e6:6b ff:ff:ff:ff:ff:ff 0800 366: 0.0.0.1.3074 > 255.255.255.255.3074:  [udp sum ok] udp 324 (ttl 64, id 39291, len 352)
16:05:37.191827 0:50:f2:16:85:64 ff:ff:ff:ff:ff:ff 0800 102: 0.0.0.1.3074 > 255.255.255.255.3074:  [udp sum ok] udp 60 (ttl 21, id 51924, len 88)
16:05:37.218269 0:50:f2:1c:e6:6b ff:ff:ff:ff:ff:ff 0800 366: 0.0.0.1.3074 > 255.255.255.255.3074:  [udp sum ok] udp 324 (ttl 64, id 40827, len 352)
16:05:38.673758 0:50:f2:55:f6:57 ff:ff:ff:ff:ff:ff 0800 102: 0.0.0.1.3074 > 255.255.255.255.3074:  [udp sum ok] udp 60 (ttl 21, id 1125, len 88)

The decodes of UDP payloads don't look recognizable to me; I've not posted
them above since without knowing what they contain, I can't be sure if
they might contain sensitive information.



More information about the unisog mailing list