[Snort-users] Check out how Microsoft hacks... :)

Joshua Stein jcs at ...1044...
Tue May 1 17:34:59 EDT 2001


Dennis Cooper wrote:
> It appears that Bill Gates & Co. are bored... :)
> 
> 207.46.199.245:443 -> ***.***.***.***:1839 TCP TTL:46 TOS:0x0 ID:60844

> 207.46.199.245:443 -> ***.***.***.***:1839 TCP TTL:46 TOS:0x0 ID:60925
> [...]
> 0x00D0: 13 17 52 53 41 20 44 61 74 61 20 53 65 63 75 72  ..RSA Data Secur
> 0x00E0: 69 74 79 2C 20 49 6E 63 2E 31 2E 30 2C 06 03 55  ity, Inc.1.0,..U
> 0x00F0: 04 0B 13 25 53 65 63 75 72 65 20 53 65 72 76 65  ...%Secure Serve
> 0x0100: 72 20 43 65 72 74 69 66 69 63 61 74 69 6F 6E 20  r Certification 
> 0x0110: 41 75 74 68 6F 72 69 74 79 30 1E 17 0D 30 30 30  Authority0...000
> [...]
> 0x0170: 12 30 10 06 03 55 04 0A 14 09 4D 69 63 72 6F 73  .0...U....Micros
> 0x0180: 6F 66 74 31 11 30 0F 06 03 55 04 0B 14 08 50 61  oft1.0...U....Pa
> 0x0190: 73 73 70 6F 72 74 31 1B 30 19 06 03 55 04 03 14  ssport1.0...U...
> 0x01A0: 12 6C 6F 67 69 6E 2E 70 61 73 73 70 6F 72 74 2E  .login.passport.
> [...]

Unless I'm missing something here, this looks like a normal SSL
connection to 207.46.199.245, which appears to be a MSN Passport server.




More information about the Snort-users mailing list