Hello to all of you.

This morning I've seen several (approx. 82, as reported by snort) alerts containing "SHELLCODE x86 NOOP". Almost all the connections begin with a "WEB-IIS ISAPI .ida access" alert. I've searched on Google about this x86 SHELLCODE, but there is nothing about the :80 port there. Because I'm new to this field, I'm asking for your help: is this something I should worry about?

Thank you for any help.

Here is an example from my alert log:

[**] WEB-IIS ISAPI .ida access [**]
10/04-01:55:24.944782 0:50:4:65:52:2A -> 0:E0:81:2:EA:BD type:0x800 len:0x24E
212.93.136.252:63842 -> xxx.xxx.xxx.xxx:80 TCP TTL:111 TOS:0x0 ID:53830 IpLen:20 DgmLen:576 DF
***A**** Seq: 0x42156F Ack: 0xFCEEB102 Win: 0x860 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
[**] SHELLCODE x86 NOOP [**]
10/04-01:55:36.942082 0:50:4:65:52:2A -> 0:E0:81:2:EA:BD type:0x800 len:0x24E
212.93.136.252:63842 -> xxx.xxx.xxx.xxx:80 TCP TTL:111 TOS:0x0 ID:44615 IpLen:20 DgmLen:576 DF
***A**** Seq: 0x42E847 Ack: 0xFCEEB102 Win: 0x860 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
[**] SHELLCODE x86 NOOP [**]
10/04-01:55:37.521677 0:50:4:65:52:2A -> 0:E0:81:2:EA:BD type:0x800 len:0xCE
212.93.136.252:63842 -> xxx.xxx.xxx.xxx:80 TCP TTL:111 TOS:0x0 ID:46919 IpLen:20 DgmLen:192 DF
***AP*** Seq: 0x42F0A7 Ack: 0xFCEEB102 Win: 0x860 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
[**] SHELLCODE x86 NOOP [**]
10/04-01:55:37.998818 0:50:4:65:52:2A -> 0:E0:81:2:EA:BD type:0x800 len:0x24E
212.93.136.252:63842 -> xxx.xxx.xxx.xxx:80 TCP TTL:111 TOS:0x0 ID:50247 IpLen:20 DgmLen:576 DF
***A**** Seq: 0x42F56F Ack: 0xFCEEB102 Win: 0x860 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
[**] SHELLCODE x86 NOOP [**]
10/04-01:55:40.016927 0:50:4:65:52:2A -> 0:E0:81:2:EA:BD type:0x800 len:0x24E
212.93.136.252:63842 -> xxx.xxx.xxx.xxx:80 TCP TTL:111 TOS:0x0 ID:56391 IpLen:20 DgmLen:576 DF
***A**** Seq: 0x42EA5F Ack: 0xFCEEB102 Win: 0x860 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
[**] SHELLCODE x86 NOOP [**]
10/04-01:55:47.561147 0:50:4:65:52:2A -> 0:E0:81:2:EA:BD type:0x800 len:0x24E
212.93.136.252:63842 -> xxx.xxx.xxx.xxx:80 TCP TTL:111 TOS:0x0 ID:35933 IpLen:20 DgmLen:576 DF
***A**** Seq: 0x438417 Ack: 0xFCEEB102 Win: 0x860 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
[**] SHELLCODE x86 NOOP [**]
10/04-01:55:55.535563 0:50:4:65:52:2A -> 0:E0:81:2:EA:BD type:0x800 len:0x24E
212.93.136.252:63842 -> xxx.xxx.xxx.xxx:80 TCP TTL:111 TOS:0x0 ID:9856 IpLen:20 DgmLen:576 DF
***A**** Seq: 0x43F56F Ack: 0xFCEEB102 Win: 0x860 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
[**] SHELLCODE x86 NOOP [**]
10/04-01:55:58.581281 0:50:4:65:52:2A -> 0:E0:81:2:EA:BD type:0x800 len:0x24E
212.93.136.252:63842 -> xxx.xxx.xxx.xxx:80 TCP TTL:111 TOS:0x0 ID:16512 IpLen:20 DgmLen:576 DF
***A**** Seq: 0x442A5F Ack: 0xFCEEB102 Win: 0x860 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
[**] SHELLCODE x86 NOOP [**]
10/04-01:56:01.991104 0:50:4:65:52:2A -> 0:E0:81:2:EA:BD type:0x800 len:0x24E
212.93.136.252:63842 -> xxx.xxx.xxx.xxx:80 TCP TTL:111 TOS:0x0 ID:59781 IpLen:20 DgmLen:576 DF
***A**** Seq: 0x445DCF Ack: 0xFCEEB102 Win: 0x860 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
[**] SHELLCODE x86 NOOP [**]
10/04-01:56:02.762176 0:50:4:65:52:2A -> 0:E0:81:2:EA:BD type:0x800 len:0x24E
212.93.136.252:63842 -> xxx.xxx.xxx.xxx:80 TCP TTL:111 TOS:0x0 ID:61573 IpLen:20 DgmLen:576 DF
***A**** Seq: 0x446C77 Ack: 0xFCEEB102 Win: 0x860 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
[**] SHELLCODE x86 NOOP [**]
10/04-01:56:03.631988 0:50:4:65:52:2A -> 0:E0:81:2:EA:BD type:0x800 len:0x24E
212.93.136.252:63842 -> xxx.xxx.xxx.xxx:80 TCP TTL:111 TOS:0x0 ID:63877 IpLen:20 DgmLen:576 DF
***A**** Seq: 0x447DCF Ack: 0xFCEEB102 Win: 0x860 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
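
An added triage example for alert logs in the layout shown in this post, not part of the original message: it groups alerts by TCP flow to show which rules fired on the same connection, and measures the runs of 0x90 bytes in each dumped payload. The sample log is constructed (documentation addresses, made-up payload bytes); the function names and the 4-byte minimum run length are assumptions of the example.

```python
import re
from collections import defaultdict

# Constructed sample in the alert-log layout from the post: rule title, link-layer
# line, flow line, TCP line, hex rows, separator. Addresses are documentation
# ranges and the payload bytes are made up for this example.
SAMPLE = """\
[**] WEB-IIS ISAPI .ida access [**]
10/04-01:55:24.944782 0:0:0:0:0:1 -> 0:0:0:0:0:2 type:0x800 len:0x46
192.0.2.10:63842 -> 198.51.100.5:80 TCP TTL:111 TOS:0x0 ID:1 IpLen:20 DgmLen:56 DF
***AP*** Seq: 0x1000 Ack: 0x2000 Win: 0x860 TcpLen: 20
47 45 54 20 2F 61 2E 69 64 61 3F 78 20 48 54 54  GET /a.ida?x HTT
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
[**] SHELLCODE x86 NOOP [**]
10/04-01:55:36.942082 0:0:0:0:0:1 -> 0:0:0:0:0:2 type:0x800 len:0x56
192.0.2.10:63842 -> 198.51.100.5:80 TCP TTL:111 TOS:0x0 ID:2 IpLen:20 DgmLen:72 DF
***A**** Seq: 0x1010 Ack: 0x2000 Win: 0x860 TcpLen: 20
C3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
55 8B EC 5D C3 90 90 90 90 90 90 90 55 8B EC 5D  U..]........U..]
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
[**] SHELLCODE x86 NOOP [**]
10/04-02:10:00.000001 0:0:0:0:0:3 -> 0:0:0:0:0:2 type:0x800 len:0x56
203.0.113.7:4021 -> 198.51.100.5:80 TCP TTL:64 TOS:0x0 ID:3 IpLen:20 DgmLen:72 DF
***AP*** Seq: 0x5000 Ack: 0x6000 Win: 0x860 TcpLen: 20
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
"""

ALERT_RE = re.compile(r"^\[\*\*\] (?P<rule>.+?) \[\*\*\]$")
FLOW_RE = re.compile(r"^(?P<src>\S+:\d+) -> (?P<dst>\S+:\d+) TCP ")
# Up to 16 hex bytes, then the two-space gap before the ASCII column.
HEX_ROW_RE = re.compile(r"^((?:[0-9A-F]{2} ){1,16}) ")


def parse_alerts(text):
    """Return one dict per alert: rule name, (src, dst) flow, payload bytes."""
    alerts, cur = [], None
    for line in text.splitlines():
        title = ALERT_RE.match(line)
        if title:
            cur = {"rule": title["rule"], "flow": None, "payload": bytearray()}
            alerts.append(cur)
            continue
        if cur is None:
            continue
        flow = FLOW_RE.match(line)
        if flow:
            cur["flow"] = (flow["src"], flow["dst"])
            continue
        row = HEX_ROW_RE.match(line)
        if row:
            cur["payload"] += bytes.fromhex(row.group(1))
    return alerts


def nop_runs(payload, min_len=4):
    """Lengths of every run of at least min_len consecutive 0x90 bytes."""
    return [len(m.group()) for m in re.finditer(rb"\x90{%d,}" % min_len, payload)]


def summarize_flows(text):
    """Per flow: alerts per rule, payload bytes dumped, 0x90 bytes, longest 0x90 run."""
    flows = defaultdict(lambda: {"rules": defaultdict(int), "payload_bytes": 0,
                                 "nop_bytes": 0, "longest_nop_run": 0})
    for alert in parse_alerts(text):
        entry = flows[alert["flow"]]
        entry["rules"][alert["rule"]] += 1
        payload = bytes(alert["payload"])
        entry["payload_bytes"] += len(payload)
        entry["nop_bytes"] += payload.count(0x90)
        entry["longest_nop_run"] = max([entry["longest_nop_run"], *nop_runs(payload)])
    return flows


if __name__ == "__main__":
    for flow, info in summarize_flows(SAMPLE).items():
        print(flow, dict(info["rules"]), info["payload_bytes"],
              info["nop_bytes"], info["longest_nop_run"])
```

Short 0x90 runs separated by other instructions also occur as alignment padding in compiled x86 code, so the run lengths and their spacing are worth reading alongside the rule name before treating a hit as a sled.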
This archive was generated by hypermail 2b30 : Thu Oct 04 2001 - 08:43:24 PDT