Can any Apple folks help out?

From: George Bakos (alpinistaat_private)
Date: Sun May 06 2001 - 19:46:23 PDT

Next message: Valdis Kletnieks: "Re: DNS ports and scans"

Previous message: H D Moore: "Re: Found this in my logs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Apple NetAssitant is the only thing anyone has been able to come up with for
this scan.  Here's the 5 bytes of udp data that was fired at my hosts:

0015 0001 01

Can anyone that is running NetAssistant please confirm this as appropriate data
for that app?  If not, perhaps we are missing something.

[gbakos@piggy gbakos]$ zcat /home/shadow/LOG/****/May05/tcp.2001050523.gz |/usr/local/logger/tcpdump -nvvXr - udp and port 3283
23:31:16.403628 65.7.179.191.3283 > target.net.162.3283:  udp 5 (DF) (ttl 243, id 30002)
0x0000   4500 0021 7532 4000 f311 e569 4107 b3bf        E..!u2@....iA...
0x0010   good guys 0cd3 0cd3 000d b7e8 0015 0001        ..f.............
0x0020   0100 0000 0000 0000 0000 0000 0000             ..............
23:31:16.410567 65.7.179.191.3283 > target.net.163.3283:  udp 5 (DF) (ttl 243, id 61713)
0x0000   4500 0021 f111 4000 f311 6989 4107 b3bf        E..!..@...i.A...
0x0010   d1c6 66a3 0cd3 0cd3 000d b7e7 0015 0001        ..f.............
0x0020   0100 0000 0000 0000 0000 0000 0000             ..............
23:31:16.441115 65.7.179.191.3283 > target.net.164.3283:  udp 5 (DF) (ttl 243, id 17442)
0x0000   4500 0021 4422 4000 f311 1678 4107 b3bf        E..!D"@....xA...
0x0010   d1c6 66a4 0cd3 0cd3 000d b7e6 0015 0001        ..f.............
0x0020   0101 0000 0000 0000 0331 3931 0331             .........191.1
23:31:16.498840 65.7.179.191.3283 > target.net.170.3283:  udp 5 (DF) (ttl 243, id 65093)
0x0000   4500 0021 fe45 4000 f311 5c4e 4107 b3bf        E..!.E@...\NA...
0x0010   d1c6 66aa 0cd3 0cd3 000d b7e0 0015 0001        ..f.............
0x0020   0101 0000 0000 0000 0331 3931 0331             .........191.1
23:31:16.639956 65.7.179.191.3283 > target.net.180.3283:  udp 5 (DF) (ttl 243, id 46418)
0x0000   4500 0021 b552 4000 f311 a537 4107 b3bf        E..!.R@....7A...
0x0010   d1c6 66b4 0cd3 0cd3 000d b7d6 0015 0001        ..f.............
0x0020   0101 0000 0000 0000 0331 3931 0331             .........191.1
23:31:16.780316 65.7.179.191.3283 > target.net.190.3283:  udp 5 (DF) (ttl 243, id 49842)
0x0000   4500 0021 c2b2 4000 f311 97cd 4107 b3bf        E..!..@.....A...
0x0010   d1c6 66be 0cd3 0cd3 000d b7cc 0015 0001        ..f.............
0x0020   0101 0000 0000 0000 0331 3931 0331             .........191.1

George Bakos
alpinistaat_private

Next message: Valdis Kletnieks: "Re: DNS ports and scans"
Previous message: H D Moore: "Re: Found this in my logs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon May 07 2001 - 19:19:33 PDT