[Snort-users] Packet interpretation

Kishor Bhagwat aaaaarrrgghhh at ...131...
Sat Jan 19 22:23:02 EST 2002


Hello!
I'm running snort in daemon mode inside a private network, with access
to the Internet through a router.
Here's a small sample of the kind of alerts I keep getting...
I'm not sure what to make of them. Is it an attack from outside, or
from inside?
First of all, is it an attack?!
The MAC address 01:42... is that of my router's ethernet interface.

regards,
kishor


Dec 27 20:59:42 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=193.253.253.48 DST=255.255.255.255 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=52252 DF PROTO=TCP SPT=2256 DPT=21 WINDOW=16384 RES=0x00 SYN URGP=0

Dec 27 20:59:42 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=193.253.253.48 DST=255.255.255.255 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=52260 DF PROTO=TCP SPT=2264 DPT=21 WINDOW=16384 RES=0x00 SYN URGP=0

Dec 27 23:43:23 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=208.4.55.222 DST=255.255.255.255 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=57364 DF PROTO=TCP SPT=3171 DPT=25 WINDOW=16384 RES=0x00 SYN URGP=0

Dec 27 23:43:23 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=208.4.55.222 DST=255.255.255.255 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=57372 DF PROTO=TCP SPT=3173 DPT=25 WINDOW=16384 RES=0x00 SYN URGP=0

Dec 28 09:33:03 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=195.92.250.158 DST=255.255.255.255 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=24282 PROTO=TCP SPT=22 DPT=22 WINDOW=40 RES=0x00 SYN URGP=0

Dec 28 09:33:03 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=195.92.250.158 DST=255.255.255.255 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=24282 PROTO=TCP SPT=22 DPT=22 WINDOW=40 RES=0x00 SYN URGP=0

Dec 28 20:56:20 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=195.35.139.106 DST=255.255.255.255 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=26755 DF PROTO=TCP SPT=1036 DPT=21 WINDOW=32120 RES=0x00 SYN URGP=0

Dec 28 20:56:20 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=195.35.139.106 DST=255.255.255.255 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=26770 DF PROTO=TCP SPT=1051 DPT=21 WINDOW=32120 RES=0x00 SYN URGP=0

Dec 29 14:39:15 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=24.25.64.124 DST=255.255.255.255 LEN=40 TOS=0x00 PREC=0x00 TTL=106 ID=45799 PROTO=TCP SPT=111 DPT=111 WINDOW=7182 RES=0x00 SYN URGP=0

Dec 29 14:39:15 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=24.25.64.124 DST=255.255.255.255 LEN=40 TOS=0x00 PREC=0x00 TTL=106 ID=45799 PROTO=TCP SPT=111 DPT=111 WINDOW=7182 RES=0x00 SYN URGP=0

Dec 29 14:52:14 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=202.100.13.148 DST=255.255.255.255 LEN=60 TOS=0x00 PREC=0x00 TTL=38 ID=61939 DF PROTO=TCP SPT=1133 DPT=21 WINDOW=32120 RES=0x00 SYN URGP=0

Dec 29 14:52:14 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=202.100.13.148 DST=255.255.255.255 LEN=60 TOS=0x00 PREC=0x00 TTL=38 ID=61954 DF PROTO=TCP SPT=1148 DPT=21 WINDOW=32120 RES=0x00 SYN URGP=0

Dec 29 14:52:16 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=202.100.13.148 DST=255.255.255.255 LEN=60 TOS=0x00 PREC=0x00 TTL=38 ID=62509 DF PROTO=TCP SPT=1148 DPT=21 WINDOW=32120 RES=0x00 SYN URGP=0

Dec 29 14:52:17 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=202.100.13.148 DST=255.255.255.255 LEN=60 TOS=0x00 PREC=0x00 TTL=38 ID=62500 DF PROTO=TCP SPT=1133 DPT=21 WINDOW=32120 RES=0x00 SYN URGP=0

Dec 29 19:21:17 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=216.205.150.132 DST=255.255.255.255 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=25621 DF PROTO=TCP SPT=2282 DPT=22 WINDOW=32120 RES=0x00 SYN URGP=0

Dec 29 21:29:18 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=195.1.220.107 DST=255.255.255.255 LEN=40 TOS=0x00 PREC=0x00 TTL=104 ID=53283 PROTO=TCP SPT=21 DPT=21 WINDOW=45683 RES=0x00 SYN URGP=0

Dec 29 21:29:18 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=195.1.220.107 DST=255.255.255.255 LEN=40 TOS=0x00 PREC=0x00 TTL=107 ID=53283 PROTO=TCP SPT=21 DPT=21 WINDOW=45683 RES=0x00 SYN URGP=0

Dec 29 22:07:29 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=150.7.208.52 DST=255.255.255.255 LEN=40 TOS=0x00 PREC=0x00 TTL=110 ID=39184 PROTO=TCP SPT=21 DPT=21 WINDOW=52783 RES=0x00 SYN URGP=0




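The records above are not Snort alerts but Linux netfilter (iptables LOG target) kernel messages: the "audit" text is the rule's --log-prefix, written without a trailing space so it runs into "IN=", and the MAC= field is the raw 14-byte Ethernet header (destination MAC, source MAC, EtherType). The parser and triage checks below are an added example, not code from the post or from the Snort project. It takes 00:01:42:30:ab:80 as the router's MAC, as the post says, embeds four records copied from the post as sample input, and the trait names and the "LEN=40 means no TCP options" heuristic are the editor's, not anything from the list thread.

```python
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Router MAC as stated in the post (the source MAC on every record).
ROUTER_MAC = "00:01:42:30:ab:80"

# Four records copied from the post, each kernel message on one line.
SAMPLE_LOG = """\
Dec 27 20:59:42 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=193.253.253.48 DST=255.255.255.255 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=52252 DF PROTO=TCP SPT=2256 DPT=21 WINDOW=16384 RES=0x00 SYN URGP=0
Dec 28 09:33:03 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=195.92.250.158 DST=255.255.255.255 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=24282 PROTO=TCP SPT=22 DPT=22 WINDOW=40 RES=0x00 SYN URGP=0
Dec 29 14:39:15 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=24.25.64.124 DST=255.255.255.255 LEN=40 TOS=0x00 PREC=0x00 TTL=106 ID=45799 PROTO=TCP SPT=111 DPT=111 WINDOW=7182 RES=0x00 SYN URGP=0
Dec 29 19:21:17 morpheus kernel: auditIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:42:30:ab:80:08:00 SRC=216.205.150.132 DST=255.255.255.255 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=25621 DF PROTO=TCP SPT=2282 DPT=22 WINDOW=32120 RES=0x00 SYN URGP=0
"""

SYSLOG_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: (?P<msg>.*)$")
TCP_FLAG_NAMES = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "CWR", "ECE"}


@dataclass
class NetfilterRecord:
    timestamp: str
    host: str
    prefix: str                 # everything before IN=, i.e. the --log-prefix
    fields: Dict[str, str]      # KEY=value tokens (IN, OUT, MAC, SRC, DST, LEN, ...)
    flags: List[str]            # bare tokens: DF, SYN, ACK, ...
    dst_mac: Optional[str] = None
    src_mac: Optional[str] = None
    ethertype: Optional[str] = None


def split_mac_field(mac: str) -> Tuple[str, str, str]:
    """MAC= is the Ethernet header: 6 bytes dst, 6 bytes src, 2 bytes EtherType."""
    octets = mac.split(":")
    if len(octets) != 14:
        raise ValueError(f"unexpected MAC= field: {mac}")
    return ":".join(octets[:6]), ":".join(octets[6:12]), "".join(octets[12:])


def parse_line(line: str) -> Optional[NetfilterRecord]:
    m = SYSLOG_RE.match(line.strip())
    if not m:
        return None
    msg = m.group("msg")
    idx = msg.find("IN=")
    if idx < 0:
        return None                      # some other kernel message
    prefix, body = msg[:idx], msg[idx:]
    fields: Dict[str, str] = {}
    flags: List[str] = []
    for tok in body.split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields[key] = value          # OUT= yields an empty string
        else:
            flags.append(tok)
    rec = NetfilterRecord(m.group("ts"), m.group("host"), prefix, fields, flags)
    if fields.get("MAC"):
        rec.dst_mac, rec.src_mac, rec.ethertype = split_mac_field(fields["MAC"])
    return rec


def parse_log(text: str) -> List[NetfilterRecord]:
    recs = (parse_line(line) for line in text.splitlines() if line.strip())
    return [r for r in recs if r is not None]


def describe(rec: NetfilterRecord, router_mac: str = ROUTER_MAC) -> Dict[str, bool]:
    """Triage traits derived only from the logged fields (heuristics, not verdicts)."""
    src = ipaddress.ip_address(rec.fields["SRC"])
    tcp_flags = [f for f in rec.flags if f in TCP_FLAG_NAMES]
    return {
        "arrived_via_router": rec.src_mac == router_mac.lower(),
        "ethernet_broadcast": rec.dst_mac == "ff:ff:ff:ff:ff:ff",
        "ip_limited_broadcast": rec.fields.get("DST") == "255.255.255.255",
        "source_is_private": src.is_private,
        "syn_only": tcp_flags == ["SYN"],
        "same_src_dst_port": rec.fields.get("SPT") == rec.fields.get("DPT"),
        # LEN=40 for TCP is a bare 20-byte IP header plus 20-byte TCP header:
        # no TCP options at all, which a normal OS stack sends on a SYN (MSS etc.).
        "no_tcp_options": rec.fields.get("PROTO") == "TCP" and rec.fields.get("LEN") == "40",
        "df_set": "DF" in rec.flags,
    }


def summarize(recs: List[NetfilterRecord]) -> Counter:
    """Count records per (source address, destination port)."""
    return Counter((r.fields["SRC"], r.fields.get("DPT", "")) for r in recs)


if __name__ == "__main__":
    for rec in parse_log(SAMPLE_LOG):
        traits = describe(rec)
        print(rec.fields["SRC"], "->", rec.fields["DPT"],
              "src_mac=" + str(rec.src_mac), {k for k, v in traits.items() if v})
```

Run over the post's records, every line shares the same shape: IN=eth1 with OUT empty (the packet was addressed to this host, not forwarded), source MAC equal to the router's, Ethernet destination ff:ff:ff:ff:ff:ff with IP destination 255.255.255.255, a public source address, and only SYN set. The records that carry DF, LEN=48 or 60 and an ephemeral source port look like ordinary OS-generated SYNs; those with SPT equal to DPT (22/22, 111/111, 21/21), LEN=40 and no DF have no TCP options at all, which is a shape usually seen from packet-crafting scanners rather than a normal stack. Two lines with the same timestamp and the same IP ID (e.g. ID=24282 at Dec 28 09:33:03) are most likely one packet logged by two rules, so count by ID before counting by source.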
