[Snort-users] port 515

Ball, Darryl dball at ...1729...
Tue Apr 3 09:08:40 EDT 2001


Over the past 24 hours SNORT has indicated that I have received 1000
overflow-noop-x86 attempts. Here is the packet data.  Any ideas what's
running here? 

 [**] OVERFLOW-NOOP-X86 [**]
04/03-04:27:46.244348 211.243.70.143:1026 -> xxx.xxx.xxx.xxx:515
TCP TTL:49 TOS:0x0 ID:32958  DF
*****PA* Seq: 0xF07D1843   Ack: 0x8A2B001   Win: 0x7D78
BBD...E...F...G...XXXXXXXXXXXXXXXXXXsecu%300$n%.184u%301$n%.254u
%302$n%.192u%303$n..............................................
................................................................
................................................................
..........................1.1.1..F....1..f..1...C.].C.].K.M..M..
.1..E.Cf.].f.E..'.M..E..E..E.....M.....CC....C....1..?......A...
.^.u.1..F..E......M..U......../bin/sh. 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+


   






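An added example, not part of the original message and not Snort's own code: it triages an alert like the one posted above by parsing the header, rejoining the wrapped ASCII payload, and reporting the printf-style positional `%N$n` write directives, the padded `%.Nu` conversions, the longest run of dots, and the `/bin/sh` string. The function name, the result field names and the trimmed sample are assumptions made for this example.

```python
import re

# Excerpt of the alert from the post (middle payload lines trimmed;
# the destination address was already masked in the post).
ALERT = """[**] OVERFLOW-NOOP-X86 [**]
04/03-04:27:46.244348 211.243.70.143:1026 -> xxx.xxx.xxx.xxx:515
TCP TTL:49 TOS:0x0 ID:32958  DF
*****PA* Seq: 0xF07D1843   Ack: 0x8A2B001   Win: 0x7D78
BBD...E...F...G...XXXXXXXXXXXXXXXXXXsecu%300$n%.184u%301$n%.254u
%302$n%.192u%303$n..............................................
................................................................
.^.u.1..F..E......M..U......../bin/sh.
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
"""

HEADER = re.compile(r"^\S+ (\S+):(\d+) -> (\S+):(\d+)$", re.M)
WRITE = re.compile(r"%(\d+)\$n")   # positional printf write directive
PAD = re.compile(r"%\.(\d+)u")     # precision-padded unsigned conversion


def triage(alert):
    """Return header fields and payload indicators for one ASCII-mode alert."""
    lines = alert.strip().splitlines()
    src, sport, _dst, dport = HEADER.search(alert).groups()
    # Payload starts after the flags/Seq line and ends at the =+=+ separator.
    start = next(i for i, line in enumerate(lines) if "Seq:" in line) + 1
    body = [line for line in lines[start:] if not line.startswith("=+")]
    # The dump wraps at a fixed width, so rejoin lines before matching:
    # a directive may be split across two displayed lines.
    payload = "".join(body)
    dot_runs = re.findall(r"\.+", payload)
    return {
        "signature": lines[0].strip("[*] "),
        "src": f"{src}:{sport}",
        "dport": int(dport),
        "write_args": [int(n) for n in WRITE.findall(payload)],
        "pad_widths": [int(n) for n in PAD.findall(payload)],
        # Dots stand for bytes the dump could not print (or literal '.'),
        # so a long run means a long block of non-text data.
        "longest_dot_run": max((len(r) for r in dot_runs), default=0),
        "shell_string": "/bin/sh" in payload,
    }


if __name__ == "__main__":
    for key, value in triage(ALERT).items():
        print(f"{key}: {value}")
```

Text-mode directives combined with a long non-printable block and a shell path in one packet to a service port is a pattern worth grouping repeat alerts on, so the same function can be mapped over every alert in the log and the results counted per source address.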