No subject


Thu Nov 23 16:36:19 EST 2017


[**] [1:255:1] DNS zone transfer [**]
[Classification: Attempted Information Leak] [Priority: 3]
09/20-13:57:14.393783 xxx.xxx.xx.xx:1821 -> 64.12.24.236:53
TCP TTL:127 TOS:0x0 ID:19377 IpLen:20 DgmLen:310 DF
***AP*** Seq: 0x514916CA  Ack: 0x5A2FF1A1  Win: 0x4506  TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS212]

[...Payload of above...]
09/20-13:57:14.393783 xxx.xxx.xx.xx:1821 -> 64.12.24.236:53
TCP TTL:127 TOS:0x0 ID:19377 IpLen:20 DgmLen:310 DF
***AP*** Seq: 0x514916CA  Ack: 0x5A2FF1A1  Win: 0x4506  TcpLen: 20
Snort received signal 3, exiting

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+


[**] [1:255:1] DNS zone transfer [**]
[Classification: Attempted Information Leak] [Priority: 3]
09/20-13:57:16.116867 xxx.xxx.xx.xx:1823 -> 64.12.28.16:53
TCP TTL:127 TOS:0x0 ID:19396 IpLen:20 DgmLen:310 DF
***AP*** Seq: 0x5151566B  Ack: 0x5A7D3A8F  Win: 0x4506  TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS212]

[...Payload of above...]
09/20-13:57:16.116867 xxx.xxx.xx.xx:1823 -> 64.12.28.16:53
TCP TTL:127 TOS:0x0 ID:19396 IpLen:20 DgmLen:310 DF
***AP*** Seq: 0x5151566B  Ack: 0x5A7D3A8F  Win: 0x4506  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

[**] [1:255:1] DNS zone transfer [**]
[Classification: Attempted Information Leak] [Priority: 3]
09/20-13:57:16.119893 xxx.xxx.xx.xx:1822 -> 64.12.26.44:53
TCP TTL:127 TOS:0x0 ID:19397 IpLen:20 DgmLen:310 DF
***AP*** Seq: 0x51507953  Ack: 0xEA4D200C  Win: 0x4506  TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS212]

[...Payload of above...]
09/20-13:57:16.119893 xxx.xxx.xx.xx:1822 -> 64.12.26.44:53
TCP TTL:127 TOS:0x0 ID:19397 IpLen:20 DgmLen:310 DF
***AP*** Seq: 0x51507953  Ack: 0xEA4D200C  Win: 0x4506  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

[**] [1:255:1] DNS zone transfer [**]
[Classification: Attempted Information Leak] [Priority: 3]
09/20-13:57:16.129973 xxx.xxx.xx.xx:1824 -> 64.12.162.117:53
TCP TTL:127 TOS:0x0 ID:19398 IpLen:20 DgmLen:310 DF
***AP*** Seq: 0x5151F0E5  Ack: 0xC74BCD6D  Win: 0x4506  TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS212]

[...Payload of above...]
09/20-13:57:16.119893 xxx.xxx.xx.xx:1822 -> 64.12.26.44:53
TCP TTL:127 TOS:0x0 ID:19397 IpLen:20 DgmLen:310 DF
***AP*** Seq: 0x51507953  Ack: 0xEA4D200C  Win: 0x4506  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+



Regards,
John Ruff

"Shortcuts make for long delays." - J.R.R. Tolkien





