[Snort-users] just curious
mkettler at ...4108...
Tue Dec 17 11:36:02 EST 2002
Hmm, what was the source-port, just a random one? Anything at all familiar
about the source IP?
Also, before I look too closely at the data, are you sure that's the actual
data (ie: is the original EXACTLY 110 byes long, and contains no non-ASCII
bytes)? A quick casual inspection of that string doesn't ring a bell, but
if there's bytes missing.... well...
If it's not 110 bytes, send a hexdump of the real data (yes, hexdump is the
name of a unix utility for dumping binary hex values). Trying to email a
binary that's been copy-pasted as text worthless.. any spot there's a 00
byte it will be dropped, among lots of other bytes.
For what it's worth, Port 14000 seems to be a default port for Inprise
At 01:18 AM 12/17/2002 -0600, Ronneil Camara wrote:
>Would you know guys what this string means?
>B at ...4772...%mqqu?**rrr+vli`kq`w+fjh*fbl(glk*kum(bj+fbl*44444*3=2121257c25273c2=2<7`3
>It's because, I was seeing a syn connection to my firewall on port 14000
>but my firewall was blocking it. So I opened up that port and created
>a netcat listener. That's the string that I captured.
>So what is it?
More information about the Snort-users