[Snort-users] Break in attempt?

Martin Roesch roesch at ...421...
Tue Nov 7 11:28:27 EST 2000


That doesn't look like any shell code I've ever seen, so it's probably
something else.  It looks like it's saying that it's rejecting a protocol
called "LCP", which I also don't know off the top of my head.  I wouldn't
worry about it too much, although it might not be a bad idea to hook up
something with some beefier protocol analysis capabilities than Snort (like
Ethereal) and see what it has to say.

    -Marty

Preben Randhol wrote:
> 
> Does this looks like an break in attempt? I found it in the log of my
> machine that is connected to the net with ISDN.
> 
> Thanks in advance.
> 
> Nov  5 14:33:01 machine ipppd[357]: rcvd [0][LCP ProtRej id=0x90 d8 82
> 3c fd 3e f1 ce c8 03 42 52 3f 46 d0 6f e5 7c bb bd c2 80 94 6f 82 0f e7
> 42 86 40 c9 14 72 49 b9 d8 3a 4a 5c 33 0f 4d 86 aa 00 5d b7 69 51 b4 9a
> f6 72 df 10 dd 9f a7 9c 54 8e 9a 7d 73 a1 de 45 ba d6 a4 62 aa a4 29 a5
> 63
> 


-- 
Martin Roesch
roesch at ...421...
http://www.snort.org



More information about the Snort-users mailing list