[Snort-users] Strange Traffic to 10.0.1.128

Dusty Hall halljer at ...8709...
Wed Feb 25 12:41:08 EST 2004


I'm seeing the following traffic from dozens of computers on our campus.  I'm not sure what to make of it.  Any thoughts?


-Dusty


*--------
14:20:01.731500 xxx.xxx.xxx.xxx.3139 > 10.0.1.128.36278: S 948466268:948466268(0) win 16384 <mss 1456,nop,nop,sackOK> (DF)
0x0000   4500 0030 0ee5 4000 8006 8d11 xxxx xxxx        E..0..@.....
0x0010   0a00 0180 0c43 8db6 3888 725c 0000 0000        .....C..8.r\....
0x0020   7002 4000 9f73 0000 0204 05b0 0101 0402        p.@..s..........
14:20:01.749327 xxx.xxx.xxx.xxx.3126 > 10.0.1.128.36278: S 944670114:944670114(0) win 16384 <mss 1456,nop,nop,sackOK> (DF)
0x0000   4500 0030 0ee6 4000 8006 8d10 xxxx xxxx        E..0..@.....
0x0010   0a00 0180 0c36 8db6 384e 85a2 0000 0000        .....6..8N......
0x0020   7002 4000 8c74 0000 0204 05b0 0101 0402        p.@..t..........
14:20:02.051142 xxx.xxx.xxx.xxx.3136 > 10.0.1.128.36278: S 947371790:947371790(0) win 16384 <mss 1456,nop,nop,sackOK> (DF)
0x0000   4500 0030 0ef0 4000 8006 8d06 xxxx xxxx        E..0..@.....
0x0010   0a00 0180 0c40 8db6 3877 bf0e 0000 0000        .....@..8w......
0x0020   7002 4000 52d5 0000 0204 05b0 0101 0402        p.@.R...........
14:20:02.151663 xxx.xxx.xxx.xxx.3137 > 10.0.1.128.36278: S 947438139:947438139(0) win 16384 <mss 1456,nop,nop,sackOK> (DF)
0x0000   4500 0030 0ef4 4000 8006 8d02 xxxx xxxx        E..0..@.....
0x0010   0a00 0180 0c41 8db6 3878 c23b 0000 0000        .....A..8x.;....
0x0020   7002 4000 4fa6 0000 0204 05b0 0101 0402        p.@.O...........
14:20:02.554036 xxx.xxx.xxx.xxx.3127 > 10.0.1.128.36278: S 945134256:945134256(0) win 16384 <mss 1456,nop,nop,sackOK> (DF)
0x0000   4500 0030 0eff 4000 8006 8cf7 xxxx xxxx        E..0..@.....
0x0010   0a00 0180 0c37 8db6 3855 9ab0 0000 0000        .....7..8U......
0x0020   7002 4000 775e 0000 0204 05b0 0101 0402        p.@.w^..........
14:20:03.020634 xxx.xxx.xxx.xxx.3140 > 10.0.1.128.36278: S 948834934:948834934(0) win 16384 <mss 1456,nop,nop,sackOK> (DF)
0x0000   4500 0030 0f0d 4000 8006 8ce9 xxxx xxxx        E..0..@.....
0x0010   0a00 0180 0c44 8db6 388e 1276 0000 0000        .....D..8..v....
0x0020   7002 4000 ff52 0000 0204 05b0 0101 0402        p.@..R..........
14:20:03.139266 xxx.xxx.xxx.xxx.3142 > 10.0.1.128.36278: S 948970852:948970852(0) win 16384 <mss 1456,nop,nop,sackOK> (DF)
0x0000   4500 0030 0f10 4000 8006 8ce6 xxxx xxxx        E..0..@.....
0x0010   0a00 0180 0c46 8db6 3890 2564 0000 0000        .....F..8.%d....
0x0020   7002 4000 ec60 0000 0204 05b0 0101 0402        p.@..`..........
14:20:03.157586 xxx.xxx.xxx.xxx.3138 > 10.0.1.128.36278: S 947825858:947825858(0) win 16384 <mss 1456,nop,nop,sackOK> (DF)
0x0000   4500 0030 0f11 4000 8006 8ce5 xxxx xxxx        E..0..@.....
0x0010   0a00 0180 0c42 8db6 387e acc2 0000 0000        .....B..8~......
0x0020   7002 4000 6518 0000 0204 05b0 0101 0402        p.@.e...........
14:20:03.389056 xxx.xxx.xxx.xxx.3143 > 10.0.1.128.36278: S 949143173:949143173(0) win 16384 <mss 1456,nop,nop,sackOK> (DF)
0x0000   4500 0030 0f17 4000 8006 8cdf xxxx xxxx        E..0..@.....
0x0010   0a00 0180 0c47 8db6 3892 c685 0000 0000        .....G..8.......
0x0020   7002 4000 4b3c 0000 0204 05b0 0101 0402        p.@.K<..........





