I have seen similar packets, my difference being the source is not my nets,
the destination is broadcast. Anyone find more.. or know what manufactures
these?
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
CheckIpOptions:CheckIpOptions:12/05-09:35:56.221362 0:E0:1E:A9:81:66 -> FF:FF:FF:FF:FF:FF type:0x800 len:0x66
216.74.77.13 -> 255.255.255.255 ICMP TTL:52 TOS:0x0 ID:0 IpLen:20 DgmLen:84 DF
ID:52584 Seq:0 ECHO
07 18 2D 3A 11 6A 0E 00 08 09 0A 0B 0C 0D 0E 0F ..-:.j..........
10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F ................
20 21 22 23 24 25 26 27 28 29 2A 2B 2C 2D 2E 2F !"#$%&'()*+,-./
30 31 32 33 34 35 36 37 01234567
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
--Mike
----- Original Message -----
From: "John Pettitt" <jpp_at_CLOUDVIEW.COM>
To: <>
Sent: Tuesday, November 28, 2000 1:45 PM
Subject: Re: [Snort-users] 13 instances of ping bsd
<snip>
: >On Tue, 28 Nov 2000, Mark Rowlands wrote:
: >
: > > [**] IDS152 - PING BSD [**]
: > > 11/27-22:49:21.777738 0:80:C8:56:FB:5 -> 0:10:4B:B6:F1:7B type:0x800 len:0x62
: > > 203.197.173.129 -> 62.5.7.17 ICMP TTL:56 TOS:0x0 ID:55074
: > > ID:23472 Seq:51862 ECHO
: > > 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 ................
: > > 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 ........ !"#$%&'
: > > 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37 ()*+,-./01234567
: > > 38 39 3A 3B 3C 3D 3E 3F 89:;<=>?
: > >
: > > =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
: > >
: > > hi folks, got 13 of these within millisecs of each other all different IPs
: > > but apparently same mac address...... none of the addresses have shown up
: > > before or since. any thoughts?
Received on Dec 09 2000
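An added example, not part of either message: a small Python classifier for the two echo payloads dumped above, for anyone triaging the same alert. BSD-derived ping implementations put a struct timeval at the start of the echo data and fill the rest with incrementing bytes; the code assumes that timeval is two 32-bit fields (an assumption about the sender), and all function names are hypothetical.

```python
import struct
from datetime import datetime, timezone

# ICMP echo data from the two Snort dumps above (56 bytes each).
PAYLOAD_DEC05 = bytes.fromhex("07182D3A116A0E00") + bytes(range(0x08, 0x38))
PAYLOAD_NOV27 = bytes(range(0x08, 0x40))


def is_ramp(data):
    """True if every byte is the previous byte plus one (mod 256)."""
    return all((a + 1) & 0xFF == b for a, b in zip(data, data[1:]))


def decode_timeval(head):
    """Read 8 bytes as (seconds, microseconds), assuming two 32-bit fields.

    Both byte orders are tried; one is accepted only if microseconds < 1e6.
    Returns (byte_order, UTC datetime) or None.
    """
    for order, fmt in (("little", "<II"), ("big", ">II")):
        sec, usec = struct.unpack(fmt, head)
        if usec < 1_000_000:
            stamp = datetime.fromtimestamp(sec, timezone.utc)
            return order, stamp.replace(microsecond=usec)
    return None


def classify(payload):
    """Label an echo payload by its fill pattern."""
    if len(payload) > 1 and is_ramp(payload):
        return "ramp-only", None
    if len(payload) > 8 and payload[8] == 8 and is_ramp(payload[8:]):
        return "timeval+ramp", decode_timeval(payload[:8])
    return "other", None


if __name__ == "__main__":
    for name, data in (("Dec 05", PAYLOAD_DEC05), ("Nov 27", PAYLOAD_NOV27)):
        kind, tv = classify(data)
        print(name, len(data), "bytes:", kind, tv or "")
```

The Dec 05 payload decodes as a little-endian timeval followed by the byte ramp, while the Nov 27 payload is the ramp alone with no timestamp in front of it.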