[Snort-sigs] (no subject)

Gary Verhulp garyv at ...2734...
Mon Aug 16 07:52:57 EDT 2004


false positve for SID 2049
DNS on ephemeral port 1434

------------------------------------------------------------------------------
#(2 - 3720) [2004-07-26 16:35:03] nessus[snort/2049]  MS-SQL ping attempt
IPv4: 216.47.113.10 -> 216.47.114.50
      hlen=5 TOS=0 dlen=139 ID=48462 flags=0 offset=0 TTL=63 chksum=10872
UDP:  port=53 -> dport: 1434 len=119
Payload:  length = 111

000 : 02 47 85 80 00 01 00 01 00 02 00 01 0A 70 6F 69   .G...........poi
010 : 6E 74 32 2D 64 65 76 04 63 69 70 73 05 6E 6F 6B   nt2-dev
020 : 69 61 03 63 6F 6D 00 00 01 00 01 C0 0C 00 01 00   ..........
030 : 01 00 00 0E 10 00 04 D8 2F 71 F7 C0 17 00 02 00   ......../q......
040 : 01 00 00 0E 10 00 06 03 4E 53 31 C0 17 C0 17 00   ........NS1.....
050 : 02 00 01 00 00 0E 10 00 06 03 4E 53 32 C0 17 C0   ..........NS2...
060 : 47 00 01 00 01 00 00 0E 10 00 04 D8 2F 71 0A      G.........../q.




-- 
http://www.gmoneylove.com
-----------------------------------------
"They told me this would happen if I voted for Nader"




More information about the Snort-sigs mailing list