Snort mailing list archives
BAD TRAFFIC (?)
From: "koriun@ipia" <koriun () ipia sci am>
Date: Fri, 1 Mar 2002 14:00:22 +0400
Hello All,
Who know what know this log ?
[**] BAD TRAFFIC tcp port 0 traffic [**]
03/01-13:01:39.922027 195.250.71.1:1095 -> 195.250.71.10:0
TCP TTL:64 TOS:0x0 ID:47149 IpLen:20 DgmLen:60 DF
******S* Seq: 0xC3AF74C3 Ack: 0x0 Win: 0x7D78 TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 17387554 0 NOP WS: 0
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
[**] BAD TRAFFIC tcp port 0 traffic [**]
03/01-13:01:39.922241 X.Y.Z.10:0 -> X.Y.Z.1:1095
TCP TTL:255 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
***A*R** Seq: 0x0 Ack: 0xC3AF74C4 Win: 0x0 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
(As I know these 2 machines are DNS servers.)
--
Best regards,
koriun mailto:koriun () ipia sci am
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Chrooting snort Alain Tesio (Feb 28)
- Re: Chrooting snort Erek Adams (Feb 28)
- Re: Chrooting snort Alain Tesio (Feb 28)
- Re: Chrooting snort Erek Adams (Feb 28)
- Re: Chrooting snort Alain Tesio (Feb 28)
- Re: Chrooting snort Erek Adams (Mar 01)
- BAD TRAFFIC (?) koriun@ipia (Mar 01)
- Re: Chrooting snort Alain Tesio (Feb 28)
- Re: Chrooting snort Erek Adams (Feb 28)