[Snort-users] anything to worry about?

Robert E. Leever bel1 at ...358...
Fri Oct 6 12:51:20 EDT 2000


Whitehat's Archinid shows 3 hits for WinGate, and one has a 
content of 04 5A, whereas this has several sets of 04 CF 
These are both internal ip addresses behind our fire wall.

Does anyone know what these are?[this is one of dozens and dozens
on this xx.xx.50.0/24 subnet.]


# cat *1080*
[**] WinGate 1080 Attempt [**]
10/06-09:42:41.874129 198.183.201.3:53 -> 172.16.50.198:1080
UDP TTL:253 TOS:0x0 ID:3948  DF
Len: 104
00 01 85 80 00 01 00 04 00 00 00 00 06 73 65 61  .............sea
72 63 68 03 6D 73 6E 03 63 6F 6D 00 00 01 00 01  rch.msn.com.....
C0 0C 00 01 00 01 00 00 0E 10 00 04 CF 2E B9 63  ...............c
C0 0C 00 01 00 01 00 00 0E 10 00 04 CF 2E D1 C8  ................
C0 0C 00 01 00 01 00 00 0E 10 00 04 CF 2E B0 7F  ................
C0 0C 00 01 00 01 00 00 0E 10 00 04 CF 2E B3 11  ................


thanks 

b;)



More information about the Snort-users mailing list