[Snort-users] MISC same SRC/DST

Joshua Wright Joshua.Wright at ...2031...
Wed Oct 24 07:01:08 EDT 2001


Vjay,

Are you using High Availability Linux?  Ports 5300-5305 UDP and TCP are
registered to this project.

-Joshua Wright, GCIH
Team Leader, Networks and Systems 
Johnson & Wales University 
Joshua.Wright at ...2031... 

pgpkey: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD44B4A73 
fingerprint: FDA5 12FC F391 3740 E0AE BDB6 8FE2 FC0A D44B 4A73 

-----Original Message-----
From: Vjay LaRosa [mailto:vjayl at ...3331...]
Sent: Tuesday, October 23, 2001 12:39 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] MISC same SRC/DST


Can some one explain how a packet like this could be generated? Are there
any tools that are known 
that can do this? Thanks! 
vjl 
[**] MISC same SRC/DST [**] 
10/23-11:52:10.267310 90.0.0.1:5300 -> 90.0.0.1:5300 
UDP TTL:58 TOS:0x0 ID:53139 IpLen:20 DgmLen:88 DF 
Len: 68 
0x0000: 08 00 20 E5 97 42 00 30 96 2D F5 FD 08 00 45 00  .. ..B.0.-....E. 
0x0010: 00 58 CF 93 40 00 3A 11 BC FF 5A 00 00 01 5A 00  .X.. at ...843...:...Z...Z. 
0x0020: 00 01 14 B4 14 B4 00 44 CC 0D 00 00 00 07 00 00  .......D........ 
0x0030: 00 02 00 00 00 01 00 00 00 00 00 00 00 00 00 00  ................ 
0x0040: 00 3C 00 00 00 00 3B D0 4C C9 00 00 00 01 3B D5  .<....;.L.....;. 
0x0050: 91 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00  .8.............. 
0x0060: 00 00 00 00 00 00                                ...... 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 
  
[**] MISC same SRC/DST [**] 
10/23-11:52:10.266952 90.0.0.1:5301 -> 90.0.0.1:5301 
UDP TTL:58 TOS:0x0 ID:53138 IpLen:20 DgmLen:88 DF 
Len: 68 
0x0000: 08 00 20 E5 97 42 00 30 96 2D F5 FD 08 00 45 00  .. ..B.0.-....E. 
0x0010: 00 58 CF 92 40 00 3A 11 BD 00 5A 00 00 01 5A 00  .X.. at ...843...:...Z...Z. 
0x0020: 00 01 14 B5 14 B5 00 44 CC 0B 00 00 00 07 00 00  .......D........ 
0x0030: 00 02 00 00 00 01 00 00 00 00 00 00 00 00 00 00  ................ 
0x0040: 00 3C 00 00 00 00 3B D0 4C C9 00 00 00 01 3B D5  .<....;.L.....;. 
0x0050: 91 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00  .8.............. 
0x0060: 00 00 00 00 00 00                                ...... 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 
  
-- 
 V.Jay LaRosa                           EMC Corporation
 Systems Administrator                  171 South Street
 (508)435-1000 ext 14957                Hopkinton, MA 01748
 (508)497-8082 fax                      www.emc.com
  




More information about the Snort-users mailing list