No subject


Thu Nov 23 16:36:19 EST 2017


05/21/01-19:38:54.378223  [**] IDS254/ddos-shaft-client-to-handler [**]
152.163.180.24:80 -> nnn.my.ip.nnn:20432
05/21/01-19:38:54.421968  [**] IDS254/ddos-shaft-client-to-handler [**]
152.163.180.24:80 -> nnn.my.ip.nnn:20432
05/21/01-19:38:54.455919  [**] IDS254/ddos-shaft-client-to-handler [**]
152.163.180.24:80 -> nnn.my.ip.nnn:20432
05/21/01-19:38:54.478080  [**] IDS254/ddos-shaft-client-to-handler [**]
152.163.180.24:80 -> nnn.my.ip.nnn:20432
05/21/01-19:38:54.478154  [**] IDS254/ddos-shaft-client-to-handler [**]
152.163.180.24:80 -> nnn.my.ip.nnn:20432

But:

/var/log/snort# nslookup 152.163.180.24
Server:  localhost
Address:  127.0.0.1

Name:    ads.web.aol.com
Address:  152.163.180.24

Is there anything useful to be gleaned from the tcpdump of the packets?

Also, should something like this be passed along to whitehats.com or
someplace else?

--- snip ---

19:38:54.378223 152.163.180.24.80 > nnn.my.ip.nnn.20432: S
2715353362:2715353362(0) ack 21240968 win 16384 <mss 1360>

19:38:54.421968 152.163.180.24.80 > nnn.my.ip.nnn.20432: P 1:1056(1055) ack
155 win 16384

19:38:54.455919 4:47:0:0:0:0 0:0:0:0:45:10 ff06 1099: 
			 77e2 98a3 b418 4102 c0df 0050 4fd0 1301
			 d9a1 1301 d9a1 5018 2111 cfc6 0000 4854
			 5450 2f31 2e30 2033 3032 2046 6f75 6e64
			 0d0a 5072 6167 6d61 3a20 6e6f 2d63 6163
			 6865 0d0a 4361 6368 652d 436f 6e74 726f
			 6c3a 206e 6f2d 6361 6368 650d 0a45 7870
			 6972 6573 3a20 4d6f 6e2c 2032 3120 4d61
			 7920 3230 3031 2032 333a 3338 3a35 3420
			 474d 540d 0a53 6574 2d43 6f6f 6b69 653a
			 2062 6164 7363 3d42 3076 4659 3432 704b
			 5557 3945 3441 2d4a 5959 6a71 4535 3665
			 6b5a 4b38 7268 6f50 4c38 616c 6873 3530
			 5669 5341 3448 6f6b 5435 3668 3666 6a62
			 6b4a 5751 666b 5a72 4438 685f 7869 7464
			 4563 7479 6339 5959 4f6e 6d7a 7172 636b
			 7a4e 334f 6751 7069 323b 7061 7468 3d2f
			 6c69 6e6b 2f37 3030 3937 3933 0d0a 4c6f
			 6361 7469 6f6e 3a20 6874 7470 3a2f 2f61
			 6473 2e77 6562 2e61 6f6c 2e63 6f6d 2f63
			 6f6e 7465 6e74 2f42 302f 302f 394d 6658
			 3358 3643 4f6d 6e4f 7356 4d47 574e 5952
			 5836 4d35 7669 5676 5169 5439 7039 3237
			 4879 7455 6863 7930 3836 6541 7536 5873
			 416b 6a5a 7a48 444c 6b52 3036 4e57 4164
			 6f6c 635f 5f70 6555 4c4e 745a 4b32 4345
			 6a51 3334 4433 4847 4e37 3867 6635 6549
			 6750 794a 4730 6324 2f61 6f6c 0d0a 4461
			 7465 3a20 4d6f 6e2c 2032 3120 4d61 7920
			 3230 3031 2032 333a 3338 3a35 3420 474d
			 540d 0a43 6f6e 7465 6e74 2d4c 656e 6774
			 683a 2035 3730 0d0a 436f 6e74 656e 742d
			 5479 7065 3a20 7465 7874 2f68 746d 6c0d
			 0a0d 0a3c 6874 6d6c 3e3c 6865 6164 3e3c
			 7469 746c 653e 5265 6469 7265 6374 696f
			 6e3c 2f74 6974 6c65 3e3c 2f68 6561 643e
			 3c62 6f64 793e 3c68 313e 5265 6469 7265
			 6374 696f 6e3c 2f68 313e 0d0a 3c68 723e
			 5468 6520 6c6f 6361 7469 6f6e 206f 6620
			 7468 6520 7265 7175 6573 7465 6420 5552
			 4c20 6861 7320 6d6f 7665 6420 746f 203c
			 6120 6872 6566 3d22 6874 7470 3a2f 2f61
			 6473 2e77 6562 2e61 6f6c 2e63 6f6d 2f63
			 6f6e 7465 6e74 2f42 302f 302f 394d 6658
			 3358 3643 4f6d 6e4f 7356 4d47 574e 5952
			 5836 4d35 7669 5676 5169 5439 7039 3237
			 4879 7455 6863 7930 3836 6541 7536 5873
			 416b 6a5a 7a48 444c 6b52 3036 4e57 4164
			 6f6c 635f 5f70 6555 4c4e 745a 4b32 4345
			 6a51 3334 4433 4847 4e37 3867 6635 6549
			 6750 794a 4730 6324 2f61 6f6c 223e 6874
			 7470 3a2f 2f61 6473 2e77 6562 2e61 6f6c
			 2e63 6f6d 2f63 6f6e 7465 6e74 2f42 302f
			 302f 394d 6658 3358 3643 4f6d 6e4f 7356
			 4d47 574e 5952 5836 4d35 7669 5676 5169
			 5439 7039 3237 4879 7455 6863 7930 3836
			 6541 7536 5873 416b 6a5a 7a48 444c 6b52
			 3036 4e57 4164 6f6c 635f 5f70 6555 4c4e
			 745a 4b32 4345 6a51 3334 4433 4847 4e37
			 3867 6635 6549 6750 794a 4730 6324 2f61
			 6f6c 3c2f 613e 2041 6e79 206d 6f64 6572
			 6e20 6272 6f77 7365 7220 7769 6c6c 2061
			 7574 6f6d 6174 6963 616c 6c79 2068 616e
			 646c 6520 6120 7265 6469 7265 6374 696f
			 6e20 666f 7220 796f 752e 2020 4966 2079
			 6f75 2061 7265 2072 6561 6469 6e67 2074
			 6869 7320 7061 6765 2c20 796f 7520 7368
			 6f75 6c64 2075 7067 7261 6465 2e3c 2f62
			 6f64 793e 3c2f 6874 6d6c 3e0d 0a

19:38:54.478080 152.163.180.24.80 > nnn.my.ip.nnn.20432: F 1056:1056(0) ack
155 win 16384

19:38:54.478154 152.163.180.24.80 > nnn.my.ip.nnn.20432: F 1056:1056(0) ack
156 win 16384

--- snip ---

Best regards,

-- 
Bob Bernstein
at
Esmond, R.I., USA
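To answer the question of what the dump shows, here is a small decoder (added for this archive page, not code from the poster or from Snort) that parses the quoted tcpdump -x words and the SYN/ACK summary line. It assumes the IDS254 signature keys on TCP destination port 20432, and that the TCP header begins at the "0050 4fd0" words (src port 80, dst port 20432), since the link-layer part of the -x output is rendered oddly.

```python
import binascii
import re
import struct

# Excerpt of the tcpdump -x listing from the post (19:38:54.455919 packet): the
# last words of the IP header, the 20-byte TCP header, then the payload start.
DUMP_EXCERPT = """
77e2 98a3 b418 4102 c0df 0050 4fd0 1301
d9a1 1301 d9a1 5018 2111 cfc6 0000 4854
5450 2f31 2e30 2033 3032 2046 6f75 6e64
0d0a 5072 6167 6d61 3a20 6e6f 2d63 6163
6865 0d0a 4361 6368 652d 436f 6e74 726f
6c3a 206e 6f2d 6361 6368 650d 0a45 7870
"""
TCP_OFFSET = 10  # 2 bytes IP checksum + 4 src + 4 dst address bytes precede TCP
SYN_ACK_LINE = ("19:38:54.378223 152.163.180.24.80 > nnn.my.ip.nnn.20432: S "
                "2715353362:2715353362(0) ack 21240968 win 16384 <mss 1360>")
SHAFT_HANDLER_PORT = 20432  # port the IDS254 signature keys on (assumption)

def dump_to_bytes(dump):
    """Join the hex words of a tcpdump -x listing into raw bytes."""
    return binascii.unhexlify("".join(dump.split()))

def parse_tcp(raw, offset):
    """Return (src_port, dst_port, flags, payload) for the TCP header at offset."""
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", raw[offset:offset + 14])
    header_len = (off_flags >> 12) * 4
    return sport, dport, off_flags & 0x1FF, raw[offset + header_len:]

def connection_initiator(summary):
    """Who sent the SYN? A bare 'S' marks the initiator; 'S ... ack' is the
    SYN/ACK reply, so the packet's *destination* opened the connection."""
    m = re.match(r"\S+\s+(\S+)\s+>\s+(\S+):\s+S\s+\S+(\s+ack\s+\d+)?", summary)
    src, dst, has_ack = m.groups()
    return dst if has_ack else src

def triage_shaft_alert(initiator, sport, dport, payload):
    """A handler contact vs. an ephemeral-port collision: if our side opened the
    connection, the peer answers from a service port and sends an HTTP response,
    then 20432 was merely the client port our stack happened to draw."""
    we_opened = initiator.endswith(".%d" % SHAFT_HANDLER_PORT)
    if dport == SHAFT_HANDLER_PORT and we_opened and sport < 1024 and payload[:5] == b"HTTP/":
        return "false positive"
    return "investigate"

def triage_post():
    """Run the decoder over the post's own data and return what it found."""
    sport, dport, flags, payload = parse_tcp(dump_to_bytes(DUMP_EXCERPT), TCP_OFFSET)
    verdict = triage_shaft_alert(connection_initiator(SYN_ACK_LINE), sport, dport, payload)
    return sport, dport, flags, payload.decode("ascii"), verdict
```

The decoded payload starts with "HTTP/1.0 302 Found", i.e. an ad-server redirect answering a connection the local host opened, which is why the verdict is a false positive rather than a Shaft handler.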



