[Snort-users] BAD TRAFFIC (?)

koriun@...5132... koriun at ...5131...
Fri Mar 1 02:01:04 EST 2002


Hello All,

Who knows what this log means?

    [**] BAD TRAFFIC tcp port 0 traffic [**]
    03/01-13:01:39.922027 195.250.71.1:1095 -> 195.250.71.10:0
    TCP TTL:64 TOS:0x0 ID:47149 IpLen:20 DgmLen:60 DF
    ******S* Seq: 0xC3AF74C3  Ack: 0x0  Win: 0x7D78  TcpLen: 40
    TCP Options (5) => MSS: 1460 SackOK TS: 17387554 0 NOP WS: 0
    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

    [**] BAD TRAFFIC tcp port 0 traffic [**]
    03/01-13:01:39.922241 X.Y.Z.10:0 -> X.Y.Z.1:1095
    TCP TTL:255 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
    ***A*R** Seq: 0x0  Ack: 0xC3AF74C4  Win: 0x0  TcpLen: 20
    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

(As far as I know, these 2 machines are DNS servers.)
-- 
Best regards,
 koriun                            mailto:koriun at ...5131...
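
Added example, not part of the original post: a small Python parser for the alert layout shown above that pairs a SYN sent to TCP port 0 with the RST/ACK answering it, using the same relation visible in the two alerts (Ack 0xC3AF74C4 = Seq 0xC3AF74C3 + 1). The sample alerts, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample in the same "full alert" layout as the alerts in the post
# (documentation addresses and made-up sequence numbers, not the poster's data).
SAMPLE = """\
[**] BAD TRAFFIC tcp port 0 traffic [**]
03/01-13:01:39.922027 192.0.2.1:1095 -> 192.0.2.10:0
TCP TTL:64 TOS:0x0 ID:47149 IpLen:20 DgmLen:60 DF
******S* Seq: 0x1000AAFF  Ack: 0x0  Win: 0x7D78  TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 17387554 0 NOP WS: 0

[**] BAD TRAFFIC tcp port 0 traffic [**]
03/01-13:01:39.922241 192.0.2.10:0 -> 192.0.2.1:1095
TCP TTL:255 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
***A*R** Seq: 0x0  Ack: 0x1000AB00  Win: 0x0  TcpLen: 20
"""

ADDR = re.compile(r"(\S+) (\S+):(\d+) -> (\S+):(\d+)$")
TCP = re.compile(r"^([*12UAPRSF]{8}) Seq: (0x[0-9A-Fa-f]+)\s+Ack: (0x[0-9A-Fa-f]+)")

def parse_alerts(text):
    """Return one dict per alert: endpoints, flag letters, seq and ack."""
    alerts = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            line = line.strip()
            if m := ADDR.match(line):
                rec.update(ts=m[1], src=(m[2], int(m[3])), dst=(m[4], int(m[5])))
            elif m := TCP.match(line):
                rec.update(flags=set(m[1]) - {"*"}, seq=int(m[2], 16), ack=int(m[3], 16))
        if "src" in rec and "flags" in rec:
            alerts.append(rec)
    return alerts

def pair_port0_probes(alerts):
    """Match each bare SYN to port 0 with the RST/ACK that answers it."""
    pairs = []
    syns = [a for a in alerts if a["flags"] == {"S"} and a["dst"][1] == 0]
    for syn in syns:
        for rsp in alerts:
            if (rsp["flags"] == {"A", "R"} and rsp["src"] == syn["dst"]
                    and rsp["dst"] == syn["src"]
                    and rsp["ack"] == (syn["seq"] + 1) % 2**32):
                pairs.append((syn, rsp))
    return pairs
```

Each returned pair is one connection attempt to port 0 and the reset the target sent back, which lets the initiating host (the `src` of the SYN) be identified from a pile of otherwise identical-looking alerts.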




