I keep seeing these in my logs. Any clue about what that means? Apr 13 23:39:28 wrvfw snort: MISC traceroute: 216.200.130.7:53 -> 207.66.187.254:33434 Apr 13 23:39:29 wrvfw snort: MISC traceroute: 216.200.130.7:53 -> 207.66.187.254:33434 Dump of packets from snort: =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-23:39:28.892934 216.200.130.7:53 -> 207.66.187.254:33434 UDP TTL:1 TOS:0x0 ID:56143 IpLen:20 DgmLen:64 Len: 44 DB 4F 80 81 00 00 00 00 00 00 00 00 00 00 00 00 .O.............. 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 .... =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-23:39:29.893835 216.200.130.7:53 -> 207.66.187.254:33434 UDP TTL:1 TOS:0x0 ID:56144 IpLen:20 DgmLen:64 Len: 44 DB 50 80 81 00 00 00 00 00 00 00 00 00 00 00 00 .P.............. 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 .... =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ Yes, this machine had been compromised over a month ago. I install all new software since then. Pat Moffitt MIS Administrator Western Recreational Vehicles, Inc. misat_private
This archive was generated by hypermail 2b30 : Mon Apr 16 2001 - 15:59:10 PDT