Greetings,

I need some help trying to explain two different issues.

1) We received an email from someone else with only the following in the mail:

#########################################################################################
<snip>
Sent: Friday, September 28, 2001 3:04 PM
Subject: Be sure to answer.

\par }\pard \qj\widctlpar{\*\pn \pnlvlcont\pndec }{\fs24\lang2057
\par {\pntext\pard\plain\f1 \'b7\tab}}\pard \qj\fi-283\li283\widctlpar{\*\pn \pnlvlblt\pnf1\pnindent283 {\pntxtb \'b7}}{\fs24\lang2057 Create a new file.
\par }\pard \qj\widctlpar{\*\pn \pnlvlcont\pndec }{\fs24\lang2057
\par The new command \ldblquote Scan Text\rdblquote has been added to the \ldblquote File\rdblquote menu.
\par
\par
\par }{\b\fs30\lang2057 C. Excel 2000 (Office 2000) and Excel 97 (Office 97)
\par }{\fs24\lang2057
\par Start Excel.
##########################################################################################

My questions are:
- WTF is this? Or what was it supposed to be?
- What does the above code try to do?

I suppose this could've just been an accident; I haven't mailed the sender for his input yet. Just thought I'll add it into the email along with my other question.

2) We are using E-trust from Computer Associates. It has detected an event "Attempt to use Wingate Redirector DoS". I suspect this is a false positive but I cannot explain what was it that actually triggered this alert. I need some help trying to figure out what actually happened.

LOG:
#########################################################################
Client IP = xxx.xxx.xxx.xxx
Server IP = aaa.aaa.aaa.aaa
Client physical address = 00:04:AC:4C:35:27
Server physical address = 00:04:AC:38:7D:6E
Client port = 1066
Server port = 2080
TCP
##############################################################################

Any Hints/Ideas what this was?

tx.
E.
This archive was generated by hypermail 2b30 : Thu Oct 04 2001 - 08:48:43 PDT