[Snort-users] Check out how Microsoft hacks... :)

Henry Sieff hsieff at ...519...
Tue May 1 17:31:38 EDT 2001


It looks to me like some user of yours is logging onto a
Microsoft site (perhaps eopen.microsoft.com) which requires a
Microsoft Passport logon. What you are seeing is the SSL certificate
info.

Henry

> -----Original Message-----
> From: Dennis Cooper [mailto:dennisc at ...1957...]
> Sent: Tuesday, May 01, 2001 4:10 PM
> To: 'snort-users at lists.sourceforge.net'
> Subject: [Snort-users] Check out how Microsoft hacks... :)
> 
> 
> Anyone else seen this kind of Snort log entries?
> I received one set yesterday, and another set today... carbon copies of each
> other!
> 
> It appears that Bill Gates & Co. are bored... :)
> 
> But seriously, how likely is it that these are forged IPs or a compromised
> MS server?
> 
> (I have removed our IP addresses and replaced them with *s)
> 
> 05/01-15:51:52.306027 0:0:F8:10:E6:65 -> 0:1:2:73:69:AE type:0x800 len:0x3E
> 207.46.199.245:443 -> ***.***.***.***:1839 TCP TTL:46 TOS:0x0 ID:60844 IpLen:20 DgmLen:48 DF
> ***A**S* Seq: 0xB228A071  Ack: 0xC8222CC3  Win: 0x4470  TcpLen: 28
> TCP Options (4) => MSS: 1460 NOP NOP SackOK 
> 0x0000: 00 01 02 73 69 AE 00 00 F8 10 E6 65 08 00 45 00  
> ...si......e..E.
> 0x0010: 00 30 ED AC 40 00 2E 06 91 31 CF 2E C7 F5 A5 C9  
> .0.. at ...1958...
> 0x0020: 90 FC 01 BB 07 2F B2 28 A0 71 C8 22 2C C3 70 12  
> ...../.(.q.",.p.
> 0x0030: 44 70 20 4B 00 00 02 04 05 B4 01 01 04 02        Dp 
> K..........
> 
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> =+=+=+=+=+=+
> 
> 
> 05/01-15:51:52.735904 0:0:F8:10:E6:65 -> 0:1:2:73:69:AE type:0x800 len:0x2E8
> 207.46.199.245:443 -> ***.***.***.***:1839 TCP TTL:46 TOS:0x0 ID:60925 IpLen:20 DgmLen:730 DF
> ***AP*** Seq: 0xB228A072  Ack: 0xC8222CF3  Win: 0x4440  TcpLen: 20
> 0x0000: 00 01 02 73 69 AE 00 00 F8 10 E6 65 08 00 45 00  
> ...si......e..E.
> 0x0010: 02 DA ED FD 40 00 2E 06 8E 36 CF 2E C7 F5 A5 C9  
> .... at ...1959...
> 0x0020: 90 FC 01 BB 07 2F B2 28 A0 72 C8 22 2C F3 50 18  
> ...../.(.r.",.P.
> 0x0030: 44 40 24 FE 00 00 16 03 00 02 AD 02 00 00 46 03  
> D@$...........F.
> 0x0040: 00 6F B1 9F 55 6B 73 A8 41 33 72 D5 4D 45 08 4A  
> .o..Uks.A3r.ME.J
> 0x0050: D6 C2 6A 50 C6 89 2B 49 ED BE D2 BC 16 87 80 5D  
> ..jP..+I.......]
> 0x0060: 81 20 AC 00 00 00 85 2C CC 26 62 1F 4A A0 10 96  . 
> .....,.&b.J...
> 0x0070: 18 AC DF 9F 78 76 13 28 0B 4A F9 6A 0F 6F B1 DF  
> ....xv.(.J.j.o..
> 0x0080: 28 2F 00 64 00 0B 00 02 5B 00 02 58 00 02 55 30  
> (/.d....[..X..U0
> 0x0090: 82 02 51 30 82 01 BE 02 10 22 45 60 48 5A D0 DD  
> ..Q0....."E`HZ..
> 0x00A0: 22 F8 6B EE 9E F4 46 82 66 30 0D 06 09 2A 86 48  
> ".k...F.f0...*.H
> 0x00B0: 86 F7 0D 01 01 04 05 00 30 5F 31 0B 30 09 06 03  
> ........0_1.0...
> 0x00C0: 55 04 06 13 02 55 53 31 20 30 1E 06 03 55 04 0A  
> U....US1 0...U..
> 0x00D0: 13 17 52 53 41 20 44 61 74 61 20 53 65 63 75 72  
> ..RSA Data Secur
> 0x00E0: 69 74 79 2C 20 49 6E 63 2E 31 2E 30 2C 06 03 55  ity, 
> Inc.1.0,..U
> 0x00F0: 04 0B 13 25 53 65 63 75 72 65 20 53 65 72 76 65  
> ...%Secure Serve
> 0x0100: 72 20 43 65 72 74 69 66 69 63 61 74 69 6F 6E 20  r 
> Certification 
> 0x0110: 41 75 74 68 6F 72 69 74 79 30 1E 17 0D 30 30 30  
> Authority0...000
> 0x0120: 38 31 35 30 30 30 30 30 30 5A 17 0D 30 31 30 38  
> 815000000Z..0108
> 0x0130: 31 35 32 33 35 39 35 39 5A 30 78 31 0B 30 09 06  
> 15235959Z0x1.0..
> 0x0140: 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04  
> .U....US1.0...U.
> 0x0150: 08 13 0A 57 61 73 68 69 6E 67 74 6F 6E 31 10 30  
> ...Washington1.0
> 0x0160: 0E 06 03 55 04 07 14 07 52 65 64 6D 6F 6E 64 31  
> ...U....Redmond1
> 0x0170: 12 30 10 06 03 55 04 0A 14 09 4D 69 63 72 6F 73  
> .0...U....Micros
> 0x0180: 6F 66 74 31 11 30 0F 06 03 55 04 0B 14 08 50 61  
> oft1.0...U....Pa
> 0x0190: 73 73 70 6F 72 74 31 1B 30 19 06 03 55 04 03 14  
> ssport1.0...U...
> 0x01A0: 12 6C 6F 67 69 6E 2E 70 61 73 73 70 6F 72 74 2E  
> .login.passport.
> 0x01B0: 63 6F 6D 30 81 9F 30 0D 06 09 2A 86 48 86 F7 0D  
> com0..0...*.H...
> 0x01C0: 01 01 01 05 00 03 81 8D 00 30 81 89 02 81 81 00  
> .........0......
> 0x01D0: F6 78 3B 9E EA 3A 69 39 B7 C2 AD E9 19 1B 36 C0  
> .x;..:i9......6.
> 0x01E0: 54 5C 1B C6 BE 4D 8A 55 B2 73 10 C3 B2 FB 3D F5  
> T\...M.U.s....=.
> 0x01F0: 92 17 20 8A 97 8A D6 F0 83 67 DC D6 57 67 50 9C  .. 
> ......g..WgP.
> 0x0200: FC 20 0E E1 07 11 1D 9E 8D 79 ED 5D B2 41 D4 08  . 
> .......y.].A..
> 0x0210: 37 58 B5 5E 29 8D 99 F6 1A 67 BE 89 EC 99 DE 77  
> 7X.^)....g.....w
> 0x0220: 0A 9D 5A 28 DA B0 9A A3 0D 24 7F DD 7D C1 EA C5  
> ..Z(.....$..}...
> 0x0230: A1 B3 04 A2 28 CC 2D 57 17 3B 20 0C 09 1C F6 90  
> ....(.-W.; .....
> 0x0240: 7C 5C 55 9C 90 E4 D6 8F 15 BA 8D F9 18 56 91 CB  
> |\U..........V..
> 0x0250: 02 03 01 00 01 30 0D 06 09 2A 86 48 86 F7 0D 01  
> .....0...*.H....
> 0x0260: 01 04 05 00 03 7E 00 1C 57 0B 12 CD 57 CC 22 CB  
> .....~..W...W.".
> 0x0270: 3A 5A B0 3C 7B 49 54 49 DA D0 F4 15 CA 5F CE 0D  
> :Z.<{ITI....._..
> 0x0280: 7E 34 D0 03 52 AC 91 32 C8 87 2C 2B CA 0F F8 C1  
> ~4..R..2..,+....
> 0x0290: 65 A3 2B F9 93 B4 A2 5C 31 B4 AE 29 D4 D5 33 90  
> e.+....\1..)..3.
> 0x02A0: 76 8C 0D 16 0E 61 38 85 C3 34 35 AA B3 0D E8 29  
> v....a8..45....)
> 0x02B0: BF EE BA 6F 2F 89 53 97 57 A5 02 44 FC 13 1D 20  
> ...o/.S.W..D... 
> 0x02C0: F7 AF D6 9E 80 D5 AD 26 D6 CD 0F 7D A4 1B 38 A0  
> .......&...}..8.
> 0x02D0: EE D7 C2 86 9D 3D 9B 10 5C 70 55 65 7A AA 43 66  
> .....=..\pUez.Cf
> 0x02E0: B8 0B 7B EB 0E 00 00 00                          ..{.....
> 
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> =+=+=+=+=+=+
> 
> 
> 05/01-15:51:52.958739 0:0:F8:10:E6:65 -> 0:1:2:73:69:AE type:0x800 len:0x7D
> 207.46.199.245:443 -> ***.***.***.***:1839 TCP TTL:46 TOS:0x0 ID:61004 IpLen:20 DgmLen:111 DF
> ***AP*** Seq: 0xB228A324  Ack: 0xC8222DC3  Win: 0x4370  TcpLen: 20
> 0x0000: 00 01 02 73 69 AE 00 00 F8 10 E6 65 08 00 45 00  
> ...si......e..E.
> 0x0010: 00 6F EE 4C 40 00 2E 06 90 52 CF 2E C7 F5 A5 C9  
> .o.L at ...1960...
> 0x0020: 90 FC 01 BB 07 2F B2 28 A3 24 C8 22 2D C3 50 18  
> ...../.(.$."-.P.
> 0x0030: 43 70 18 1C 00 00 14 03 00 00 01 01 16 03 00 00  
> Cp..............
> 0x0040: 3C 9D 44 80 EF 61 40 B1 E9 30 F8 B6 B6 09 77 71  
> <.D..a at ...1961...
> 0x0050: 16 D8 4A C0 2A AC 99 60 76 23 92 C4 76 25 03 68  
> ..J.*..`v#..v%.h
> 0x0060: 57 93 16 C3 AC 11 8A 23 96 E8 2F 1D 36 1A FB 0F  
> W......#../.6...
> 0x0070: 5C C0 61 A2 8E 06 99 93 C5 E7 99 9B BD
> \.a..........
> 
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> =+=+=+=+=+=+
> 
> 
> 05/01-15:51:53.527531 0:0:F8:10:E6:65 -> 0:1:2:73:69:AE type:0x800 len:0x3C
> 207.46.199.245:443 -> ***.***.***.***:1839 TCP TTL:46 TOS:0x0 ID:61154 IpLen:20 DgmLen:40 DF
> ***A**** Seq: 0xB228A36B  Ack: 0xC8223249  Win: 0x3EEA  TcpLen: 20
> 0x0000: 00 01 02 73 69 AE 00 00 F8 10 E6 65 08 00 45 00  
> ...si......e..E.
> 0x0010: 00 28 EE E2 40 00 2E 06 90 03 CF 2E C7 F5 A5 C9  
> .(.. at ...868...
> 0x0020: 90 FC 01 BB 07 2F B2 28 A3 6B C8 22 32 49 50 10  
> ...../.(.k."2IP.
> 0x0030: 3E EA 4A 16 00 00 00 00 00 00 00 00
> >.J.........
> 
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> =+=+=+=+=+=+
> 
> 
> 05/01-15:51:53.527997 0:0:F8:10:E6:65 -> 0:1:2:73:69:AE type:0x800 len:0x42
> 207.46.199.245:443 -> ***.***.***.***:1839 TCP TTL:46 TOS:0x0 ID:61153 IpLen:20 DgmLen:52 DF
> ***A**** Seq: 0xB228A36B  Ack: 0xC8222DC3  Win: 0x4370  TcpLen: 32
> TCP Options (3) => NOP NOP Sack: 51234 at ...1962... 
> 0x0000: 00 01 02 73 69 AE 00 00 F8 10 E6 65 08 00 45 00  
> ...si......e..E.
> 0x0010: 00 34 EE E1 40 00 2E 06 8F F8 CF 2E C7 F5 A5 C9  
> .4.. at ...868...
> 0x0020: 90 FC 01 BB 07 2F B2 28 A3 6B C8 22 2D C3 80 10  
> ...../.(.k."-...
> 0x0030: 43 70 20 41 00 00 01 01 05 0A C8 22 31 2F C8 22  Cp 
> A......."1/."
> 0x0040: 32 49                                            2I
> 
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> =+=+=+=+=+=+
> 
> 
> 05/01-15:51:53.529245 0:0:F8:10:E6:65 -> 0:1:2:73:69:AE type:0x800 len:0xA8
> 207.46.199.245:443 -> ***.***.***.***:1839 TCP TTL:46 TOS:0x0 ID:61155 IpLen:20 DgmLen:154 DF
> ***AP*** Seq: 0xB228A36B  Ack: 0xC8223249  Win: 0x3EEA  TcpLen: 20
> 
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> =+=+=+=+=+=+
> 
> 05/01-15:51:53.812301 0:0:F8:10:E6:65 -> 0:1:2:73:69:AE type:0x800 len:0x59E
> 207.46.199.245:443 -> ***.***.***.***:1839 TCP TTL:46 TOS:0x0 ID:61215 IpLen:20 DgmLen:1424 DF
> ***AP*** Seq: 0xB228A3DD  Ack: 0xC8223249  Win: 0x3EEA  TcpLen: 20
> 
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> =+=+=+=+=+=+
> 
> 
> 
> 
> 
> 
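
Added example, not part of the original thread: a small Python walker for the SSL 3.0 / TLS record layer that labels each record on a port-443 stream, which is how the `16 03 00` at the start of the second packet's TCP payload can be recognised as a handshake record carrying the server certificate. The function names are hypothetical and the sample stream is constructed for illustration; it is not the bytes from the post.

```python
import struct

RECORD = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE = {1: "client_hello", 2: "server_hello", 11: "certificate",
             12: "server_key_exchange", 14: "server_hello_done", 20: "finished"}

def handshake_names(body):
    """List the handshake messages packed into one cleartext handshake record."""
    names, pos = [], 0
    while pos + 4 <= len(body):
        mtype = body[pos]
        mlen = int.from_bytes(body[pos + 1:pos + 4], "big")  # 24-bit length
        names.append(HANDSHAKE.get(mtype, f"unknown({mtype})"))
        pos += 4 + mlen
    return names

def walk_records(stream):
    """Walk the records in one direction of a TCP stream (payload bytes only)."""
    out, pos, encrypted = [], 0, False
    while pos + 5 <= len(stream):
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, pos)
        if ctype not in RECORD or major != 3:
            raise ValueError(f"not an SSL/TLS record at offset {pos}")
        body = stream[pos + 5:pos + 5 + length]
        if len(body) < length:
            detail = "truncated (continues in next segment)"
        elif ctype == 22 and not encrypted:
            detail = handshake_names(body)
        else:
            # After change_cipher_spec everything is ciphertext, Finished included.
            detail = f"{length} opaque bytes"
        if ctype == 20:
            encrypted = True
        out.append((RECORD[ctype], f"{major}.{minor}", detail))
        pos += 5 + length
    return out

# Constructed sample: helpers that frame dummy bodies as SSL 3.0 records.
def hs(mtype, body):
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

def rec(ctype, body):
    return struct.pack("!BBBH", ctype, 3, 0, len(body)) + body

SAMPLE = (rec(22, hs(2, bytes(38)) + hs(11, bytes(3)) + hs(14, b""))
          + rec(20, b"\x01")          # change_cipher_spec
          + rec(22, bytes(60))        # encrypted Finished
          + rec(23, bytes(109))[:40]) # application data cut at a segment boundary

if __name__ == "__main__":
    for record in walk_records(SAMPLE):
        print(record)
```

A server-to-client stream that decodes as server_hello, certificate, server_hello_done followed by opaque records is an ordinary HTTPS session start rather than something sent unsolicited.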



