[Snort-users] Attack: Datum length ?

Jim Greco jgreco at ...1964...
Tue Jan 14 05:44:07 EST 2003


Could someone explain why this sequence of packets is sent every night 3 times and then the next night repeated?


(spp_asn1) ASN.1 Attack: Datum length > packet length


source addr    dest addr          Ver  HdrLen  TOS  length  ID     flags  offset  TTL  chksum
10.33.1.107    255.255.255.255    4    5       0    265     32514  0      0       128  44886



source port    dest port    length
2092           161          245


length = 237

000 : 30 81 EA 02 01 00 04 06 70 75 62 6C 69 63 A1 81   0.......public..
010 : DC 02 01 00 02 01 00 02 01 00 30 81 D0 30 0B 06   ..........0..0..
020 : 07 2B 06 01 02 01 01 01 05 00 30 0B 06 07 2B 06   .+........0...+.
030 : 01 02 01 01 03 05 00 30 0B 06 07 2B 06 01 02 01   .......0...+....
040 : 01 05 05 00 30 0D 06 09 2B 06 01 02 01 02 02 01   ....0...+.......
050 : 06 05 00 30 0D 06 09 2B 06 01 02 01 04 14 01 01   ...0...+........
060 : 05 00 30 0E 06 0A 2B 06 01 02 01 19 03 02 01 03   ..0...+.........
070 : 05 00 30 10 06 0C 2B 06 01 04 01 0B 02 03 09 01   ..0...+.........
080 : 01 07 05 00 30 10 06 0C 2B 06 01 04 01 0B 02 03   ....0...+.......
090 : 09 05 01 03 05 00 30 10 06 0C 2B 06 01 04 01 0B   ......0...+.....
0a0 : 02 04 03 08 03 02 05 00 30 10 06 0C 2B 06 01 04   ........0...+...
0b0 : 01 0B 02 04 03 08 03 03 05 00 30 0F 06 0B 2B 06   ..........0...+.
0c0 : 01 04 01 0B 02 04 03 0A 07 05 00 30 0F 06 0B 2B   ...........0...+
0d0 : 06 01 04 01 0B 02 04 03 0A 0D 05 00 30 0F 06 0B   ............0...
0e0 : 2B 06 01 04 01 0B 02 04 03 0D 01 05 00            +............
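
An added example, not part of the original post and not Snort's spp_asn1 code: a minimal BER walker run over the payload bytes quoted above. It applies the check the alert text names (a datum's declared length must not exceed the bytes left in its container) and decodes the OIDs being requested. The function names are hypothetical.

```python
PAYLOAD = bytes.fromhex(  # copied from the hex dump in the post (237 bytes)
    "3081EA02010004067075626C6963A181DC0201000201000201003081D0300B06072B0601020101010500300B06072B06"
    "01020101030500300B06072B0601020101050500300D06092B06010201020201060500300D06092B0601020104140101"
    "0500300E060A2B06010201190302010305003010060C2B060104010B02030901010705003010060C2B060104010B0203"
    "0905010305003010060C2B060104010B02040308030205003010060C2B060104010B0204030803030500300F060B2B06"
    "0104010B0204030A070500300F060B2B060104010B0204030A0D0500300F060B2B060104010B0204030D010500"
)

def read_tlv(buf, pos, end):
    """Parse one TLV in buf[pos:end]; return (tag, value_start, value_end)."""
    if end - pos < 2:
        raise ValueError(f"truncated TLV header at offset {pos}")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:               # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or n > end - pos:  # n == 0 is the indefinite form, rejected here
            raise ValueError(f"bad length encoding at offset {pos - 1}")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if length > end - pos:           # the condition the alert text names
        raise ValueError(f"datum length {length} > {end - pos} bytes left at offset {pos}")
    return tag, pos, pos + length

def walk(buf, pos=0, end=None, depth=0, out=None):
    """Collect (depth, tag, value) for every TLV, descending into constructed ones."""
    end = len(buf) if end is None else end
    out = [] if out is None else out
    while pos < end:
        tag, start, stop = read_tlv(buf, pos, end)
        out.append((depth, tag, buf[start:stop]))
        if tag & 0x20:               # constructed bit: the value holds nested TLVs
            walk(buf, start, stop, depth + 1, out)
        pos = stop
    return out

def oid(body):
    """Dotted form of an OBJECT IDENTIFIER value (first arc assumed to be 0 or 1)."""
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:             # high bit clear ends a sub-identifier
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

if __name__ == "__main__":
    print("\n".join(oid(v) for _, tag, v in walk(PAYLOAD) if tag == 0x06))
```

On the bytes as quoted, every declared length fits its container, so the walk completes and lists 13 OIDs; a truncated or length-inflated copy of the payload raises `ValueError` instead.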