Interesting bit of udp traffic broadcasting from a winnt box upon boot-up. Haven't had a decent look at it yet, but the traffic pattern alone is noteworthy. The user indicates that he ran a binary email attachment (arrrgh!) a few days ago and since then his A-V won't successfully start up. Note the hex dump of the udp payload. I particularly like the byte-order reversal in the 2nd and 3rd packets.

  6 941.523013 10.1.53.192 -> 10.1.53.255 UDP Source port: 1040 Destination port: 54322

     0  00a0 24c6 5a1e 0090 2787 ff98 0800 4500   ..$.Z...'.....E.
    10  0021 0000 4000 4011 5c16 0a01 350d 0a01   .!..@.@.\.......
    20  35ff 0410 d432 000d 7c18 1fab babe        5....2..|.....

  7 941.526657 10.1.53.192 -> 10.255.255.255 UDP Source port: 1041 Destination port: 54322

     0  00a0 24c6 5a1e 0090 2787 ff98 0800 4500   ..$.Z...'.....E.
    10  0021 0000 4000 4011 9117 0a01 350d 0aff   .!..@.@.........
    20  ffff 0411 d432 000d b118 beba ab1f        .....2........

  8 941.529657 10.1.53.192 -> 255.255.255.255 UDP Source port: 1042 Destination port: 54322

     0  00a0 24c6 5a1e 0090 2787 ff98 0800 4500   ..$.Z...'.....E.
    10  0021 0000 4000 4011 9117 0a01 350d ffff   .!..@.@.........
    20  ffff 0411 d432 000d b118 beba ab1f        .....2........

--
George Bakos, Security Engineer
Electronic Warfare Associates-Information & Infrastructure Technologies
alpinistaat_private
802-338-3213
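
Added example, not part of the original post: a short Python parser that decodes the Ethernet/IPv4/UDP headers from the hex rows of frames 6-8 as posted, then checks that all three payloads are the same marker in one byte order or the other. The function names are hypothetical, and every value is read from the hex bytes rather than from the summary lines.

```python
import struct

# Hex columns of frames 6-8, copied from the dumps in the post (one string per dump row).
FRAMES = {
    6: ["00a0 24c6 5a1e 0090 2787 ff98 0800 4500",
        "0021 0000 4000 4011 5c16 0a01 350d 0a01",
        "35ff 0410 d432 000d 7c18 1fab babe"],
    7: ["00a0 24c6 5a1e 0090 2787 ff98 0800 4500",
        "0021 0000 4000 4011 9117 0a01 350d 0aff",
        "ffff 0411 d432 000d b118 beba ab1f"],
    8: ["00a0 24c6 5a1e 0090 2787 ff98 0800 4500",
        "0021 0000 4000 4011 9117 0a01 350d ffff",
        "ffff 0411 d432 000d b118 beba ab1f"],
}

def parse_frame(rows):
    """Decode Ethernet/IPv4/UDP from dump rows (hypothetical helper)."""
    raw = bytes.fromhex("".join("".join(rows).split()))
    if struct.unpack("!H", raw[12:14])[0] != 0x0800:
        raise ValueError("not IPv4")
    ihl = (raw[14] & 0x0F) * 4            # IP header length in bytes
    ip = raw[14:14 + ihl]
    if ip[9] != 17:
        raise ValueError("not UDP")
    udp = raw[14 + ihl:]
    sport, dport, ulen = struct.unpack("!HHH", udp[:6])
    payload = udp[8:]
    return {
        "dst": ".".join(str(b) for b in ip[16:20]),
        "sport": sport, "dport": dport, "payload": payload,
        # UDP length includes the 8-byte header; a positive value means the dump is cut short
        "missing": (ulen - 8) - len(payload),
    }

def same_marker(a, b):
    """True if two payloads are equal or exact byte-order reversals of each other."""
    return a == b or a == b[::-1]

def summarize(frames=FRAMES):
    parsed = {n: parse_frame(rows) for n, rows in frames.items()}
    first = next(iter(parsed.values()))["payload"]
    return {"parsed": parsed,
            "dports": {p["dport"] for p in parsed.values()},
            "one_marker": all(same_marker(first, p["payload"]) for p in parsed.values())}

if __name__ == "__main__":
    for n, p in summarize()["parsed"].items():
        print(n, p["dst"], p["sport"], p["dport"], p["payload"].hex(), "missing", p["missing"])
```

Matching on the marker in either byte order, together with the destination port, is what lets a capture filter or IDS rule catch all three broadcasts rather than only the first.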
This archive was generated by hypermail 2b30 : Mon Apr 16 2001 - 16:47:35 PDT