[Snort-users] Possible network mapping?

Dr SuSE drsuse at ...748...
Thu Mar 1 11:02:34 EST 2001


Has anyone seen this type of traffic before?  There never was a three-way 
handshake between my machine at 192.0.0.11 and 209.67.42.78, which resolves to 
orb-cache2.starmedia.com.
I'm assuming it might be a forged packet sent to solicit a response, i.e. the TCP 
reset reply from my machine.

03/01-02:04:00.491740 209.67.42.78:80 -> 192.0.0.11:1188
TCP TTL:49 TOS:0x0 ID:14034 IpLen:20 DgmLen:40 DF
***A***F Seq: 0xB0B32B46  Ack: 0x97F4B645  Win: 0x4350  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

03/01-02:04:00.491891 192.0.0.11:1188 -> 209.67.42.78:80
TCP TTL:128 TOS:0x0 ID:23342 IpLen:20 DgmLen:40
*****R** Seq: 0x97F4B645  Ack: 0x97F4B645  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+





---------------------------------------------
Microsoft is not installed.
http://www.drsuse.org/
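
Added example, not part of the original post: a Python sketch that parses Snort text output in the format quoted above and flags segments arriving on a flow with no SYN in the log, noting whether a matching reset followed. The function names are hypothetical, the sample is the two packets from the post, and it assumes the log covers the flow's whole lifetime, so a capture that began after the handshake would be flagged too.

```python
import re

# Constructed sample: the two packets quoted in the post, same Snort text format.
SAMPLE_LOG = """\
03/01-02:04:00.491740 209.67.42.78:80 -> 192.0.0.11:1188
TCP TTL:49 TOS:0x0 ID:14034 IpLen:20 DgmLen:40 DF
***A***F Seq: 0xB0B32B46  Ack: 0x97F4B645  Win: 0x4350  TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
03/01-02:04:00.491891 192.0.0.11:1188 -> 209.67.42.78:80
TCP TTL:128 TOS:0x0 ID:23342 IpLen:20 DgmLen:40
*****R** Seq: 0x97F4B645  Ack: 0x97F4B645  Win: 0x0  TcpLen: 20
"""

HEADER = re.compile(r"^(\S+) (\S+):(\d+) -> (\S+):(\d+)$")
TCP = re.compile(r"^([*12UAPRSF]{8}) Seq: (0x[0-9A-Fa-f]+)\s+Ack: (0x[0-9A-Fa-f]+)")

def parse_packets(text):
    """Return one dict per TCP packet found in Snort's text log output."""
    packets, current = [], None
    for line in text.splitlines():
        h, t = HEADER.match(line.strip()), TCP.match(line.strip())
        if h:
            current = {"ts": h[1], "src": (h[2], int(h[3])), "dst": (h[4], int(h[5]))}
        elif t and current:
            flags = set(t[1]) - {"*"}
            packets.append({**current, "flags": flags,
                            "seq": int(t[2], 16), "ack": int(t[3], 16)})
            current = None
    return packets

def out_of_state(packets):
    """Flag non-SYN, non-RST segments on flows with no SYN seen so far."""
    opened, findings = set(), []
    for i, p in enumerate(packets):
        flow = frozenset((p["src"], p["dst"]))
        if "S" in p["flags"]:
            opened.add(flow)
        elif "R" not in p["flags"] and flow not in opened:
            # RFC 793: a reset for a stray segment with ACK set uses SEQ = SEG.ACK
            reset = any(q["src"] == p["dst"] and q["dst"] == p["src"]
                        and "R" in q["flags"] and q["seq"] == p["ack"]
                        for q in packets[i + 1:])
            findings.append({"ts": p["ts"], "src": p["src"], "dst": p["dst"],
                             "flags": "".join(sorted(p["flags"])), "reset_reply": reset})
    return findings

if __name__ == "__main__":
    for f in out_of_state(parse_packets(SAMPLE_LOG)):
        print(f)
```
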





