weird sun rpc scan

From: Jeremy Bae (baeswat_private)
Date: Mon May 14 2001 - 21:19:53 PDT

Next message: Vitaly Osipov: "Re: recent sadmin worm"

Previous message: Jim Starke: "Anyone have any ideas?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Anyone have any idea what might cause this

abnormal.scan.host.sunrpc > my.host1.net.sunrpc: SF [tcp sum ok] 2005068805: 
2005068805(0) win 1028 (ttl 30, id 39426)
	4500 0028 9a02 0000 1e06 4af6 xxxx xxxx
	xxxx xxxx 006f 006f 7782 ec05 5e59 fed6
	5003 0404 326f 0000 0000 0000 0000 0000

abnormal.scan.host.sunrpc > my.host2.net.sunrpc: SF [tcp sum ok] 2005068805: 
2005068805(0) win 1028 (ttl 30, id 39426)
	4500 0028 9a02 0000 1e06 4aed xxxx xxxx
	xxxx xxxx 006f 006f 7782 ec05 5e59 fed6
	5003 0404 3266 0000 0000 0000 0000 0000

another host installed black-ice alerted 'TCP OS fingerprint' .

is there any scan tool to make above packets?

Next message: Vitaly Osipov: "Re: recent sadmin worm"
Previous message: Jim Starke: "Anyone have any ideas?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue May 15 2001 - 08:10:49 PDT