RE: SHELLCODE x86 NOOP

From: Steve Halligan (agent33at_private)
Date: Thu Oct 04 2001 - 08:50:02 PDT
Next message: VanMeter, John: "virus/worm threats"
Previous message: Guy Poizat: "Automated scan-for-webserver-vulns tool ?"
Maybe in reply to: Dan Terhesiu: "SHELLCODE x86 NOOP"
Next in thread: Michal Nazarewicz: "Re: SHELLCODE x86 NOOP"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
The .ida alert in this case is a misfiring alert.  It triggered on the
.idata in the payload of this packet.  This NOOP alert is more interesting
(in fact the packet that caused the .ida misfire would have triggered a NOOP
alert if it hadn't triggered the ida alert.)  This NOOP could be something
bad, or it could be someone doing an HTTP download of a binary from your
webserver.  Do you have any binaries for download?  Keep in mind that a
binary attachment to an email could trigger this if you are running a
web-based email system.

-Steve

> -----Original Message-----
> From: Dan Terhesiu [mailto:danteat_private]
> Sent: Thursday, October 04, 2001 4:33 AM
> To: incidentsat_private
> Subject: SHELLCODE x86 NOOP
> 
> 
> 
> 	Hello to all of you.
> 
> 	I've seen this morning several (aprox. 82, as reported by
> snort) alerts containig "SHELLCODE x86 NOOP". Almost all the 
> connections
> begin with a "WEB-IIS ISAPI .ida access" alert. I've searched 
> on google
> about this x86 SHELLCODE, but there is nothing about :80 port
> there. Because I'm new to this field, I'm asking for your 
> help: is this
> something I should worry about? 
> 
> 	Thank you for any help.
> 
> 
> 	Here is an example from my alert log:
> 
> [**] WEB-IIS ISAPI .ida access [**]
> 10/04-01:55:24.944782 0:50:4:65:52:2A -> 0:E0:81:2:EA:BD 
> type:0x800 len:0x24E
> 212.93.136.252:63842 -> xxx.xxx.xxx.xxx:80 TCP TTL:111 
> TOS:0x0 ID:53830
> IpLen:20 DgmLen:576 DF
> ***A**** Seq: 0x42156F  Ack: 0xFCEEB102  Win: 0x860  TcpLen: 20
> 00 00 00 00 00 00 00 00 00 00 60 04 00 A0 00 00  ..........`.....
> 00 00 80 04 00 1C 1D 00 00 00 00 00 00 00 00 00  ................
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
> 00 18 64 04 00 78 03 00 00 00 00 00 00 00 00 00  ..d..x..........
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
> 00 2E 74 65 78 74 00 00 00 96 91 02 00 00 10 00  ..text..........
> 00 00 92 02 00 00 04 00 00 00 00 00 00 00 00 00  ................
> 00 00 00 00 00 20 00 00 60 2E 72 64 61 74 61 00  ..... ..`.rdata.
> 00 FB 2E 00 00 00 B0 02 00 00 30 00 00 00 96 02  ..........0.....
> 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00  .............@..
> 40 2E 64 61 74 61 00 00 00 10 72 01 00 00 E0 02  @.data....r.....
> 00 00 76 00 00 00 C6 02 00 00 00 00 00 00 00 00  ..v.............
> 00 00 00 00 00 40 00 00 C0 2E 69 64 61 74 61 00  .....@....idata.
> 00 F2 14 00 00 00 60 04 00 00 16 00 00 00 3C 03  ......`.......<.
> 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00  .............@..
> C0 2E 72 73 72 63 00 00 00 1C 1D 00 00 00 80 04  ..rsrc..........
> 00 00 1E 00 00 00 52 03 00 00 00 00 00 00 00 00  ......R.........
> 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00  .....@..@.......
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
> 00 00 00 00 00 00 00 00                          ........
> 
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> =+=+=+=+=+=+
> 
> [**] SHELLCODE x86 NOOP [**]
> 10/04-01:55:36.942082 0:50:4:65:52:2A -> 0:E0:81:2:EA:BD 
> type:0x800 len:0x24E
> 212.93.136.252:63842 -> xxx.xxx.xxx.xxx:80 TCP TTL:111 
> TOS:0x0 ID:44615
> IpLen:20 DgmLen:576 DF
> ***A**** Seq: 0x42E847  Ack: 0xFCEEB102  Win: 0x860  TcpLen: 20
> C3 8B 4C 24 04 81 E1 FF 00 00 00 8A 81 B0 01 43  ..L$...........C
> 00 C3 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
> 90 A1 4C 38 44 00 85 C0 74 10 8B 44 24 04 25 FF  ..L8D...t..D$.%.
> 00 00 00 8A 80 B0 00 43 00 C3 A1 50 38 44 00 85  .......C...P8D..
> C0 74 11 8B 4C 24 04 81 E1 FF 00 00 00 8A 81 B0  .t..L$..........
> 02 43 00 C3 A1 54 38 44 00 85 C0 74 11 8B 54 24  .C...T8D...t..T$
> 04 81 E2 FF 00 00 00 8A 82 B0 03 43 00 C3 8A 44  ...........C...D
> 24 04 C3 90 90 90 90 90 90 90 90 90 90 90 90 90  $...............
> 90 A1 58 38 44 00 85 C0 74 10 8B 44 24 04 25 FF  ..X8D...t..D$.%.
> 00 00 00 8A 80 B0 05 43 00 C3 8A 44 24 04 C3 90  .......C...D$...
> 90 A1 2C 68 43 00 81 EC B4 01 00 00 53 33 DB 56  ..,hC.......S3.V
> 3B C3 57 0F 84 A0 01 00 00 39 1D 28 68 43 00 0F  ;.W......9.(hC..
> 85 A6 00 00 00 66 39 1D 24 68 43 00 75 4A A1 BC  .....f9.$hC.uJ..
> 40 44 00 8D 4C 24 14 51 C7 44 24 18 03 00 00 00  @D..L$.Q.D$.....
> C7 44 24 1C 40 E2 40 00 89 5C 24 20 89 5C 24 24  .D$.@.@..\$ .\$$
> 89 44 24 28 89 5C 24 2C 89 5C 24 30 89 5C 24 34  .D$(.\$,.\$0.\$4
> 89 5C 24 38 C7 44 24 3C B8 06 43 00 FF 15 28 66  .\$8.D$<..C...(f
> 44 00 66 A3 24 68 43 00 8B 35 78 66 44 00 6A 18  D.f.$hC..5xfD.j.
> FF D6 6A 17 A3 18 68 43 00 FF D6 8D 54 24 6C A3  ..j...hC....T$l.
> 1C 68 43 00 53 B9 55 00 00 00 33 C0 8D 7C 24 70  .hC.S.U...3..|$p
> 52 68 54 01 00 00 F3 AB 6A 29 C7 44 24 7C 54 01  RhT.....j).D$|T.
> 00 00 FF 15 7C 66 44 00 8D 84 24 48 01 00 00 50  ....|fD...$H...P
> FF 15 60 64 44 00 A3 20 68 43 00 8B 8C 24 CC 01  ..`dD.. hC...$..
> 00 00 8B 94 24 C8 01 00 00 51 52 8D 44 24 54 68  ....$....QR.D$Th
> B0 06 43 00 50 E8 47 3A 01 00 A1 28 68 43 00 83  ..C.P.G:...(hC..
> C4 10 3B C3 0F 85 B3 00 00 00 53 FF 15 88 64 44  ..;.......S...dD
> 00 8D 4C 24 0C 8B F0 51 8D 7C 24 50 83 C9 FF 33  ..L$...Q.|$P...3
> C0 F2 AE F7 D1 49 8D 54 24 50 51 52 56 FF 15 64  .....I.T$PQRV..d
> 64 44 00 56 FF 15 A0 64 44 00 8B 8C 24 C4 01 00  dD.V...dD...$...
> 00 8D 44 24 3C 50 51 FF 15 20 66 44 00 8B 44 24  ..D$<PQ.. fD..D$
> 3C 83 F8 10 8B C8 7D 05 B9 10 00 00 00 8B 44 24  <.....}.......D$
> 40 8B 54 24 10 2B C2 83 F8 10 7D 05 B8 10 00 00  @.T$.+....}.....
> 00 8B 35 BC 40 44 00 53 56 53 53 52 8B 54 24 20  ..5.@D.SVSSR.T$ 
> 52 50 51 8B 0D 24 68 43                          RPQ..$hC
> 
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> =+=+=+=+=+=+
> 
> [**] SHELLCODE x86 NOOP [**]
> 10/04-01:55:37.521677 0:50:4:65:52:2A -> 0:E0:81:2:EA:BD 
> type:0x800 len:0xCE
> 212.93.136.252:63842 -> xxx.xxx.xxx.xxx:80 TCP TTL:111 
> TOS:0x0 ID:46919
> IpLen:20 DgmLen:192 DF
> ***AP*** Seq: 0x42F0A7  Ack: 0xFCEEB102  Win: 0x860  TcpLen: 20
> F8 22 75 06 B8 58 08 43 00 C3 83 F8 23 75 06 B8  ."u..X.C....#u..
> 4C 08 43 00 C3 83 F8 24 75 06 B8 40 08 43 00 C3  L.C....$u..@.C..
> 83 F8 00 43 00 C3 83 F8 26 75 06 B8 28 08 43 00  ...C....&u..(.C.
> C3 83 F8 27 75 06 B8 1C 08 43 00 C3 3D FF 00 00  ...'u....C..=...
> 00 B8 14 08 43 00 74 05 B8 08 08 43 00 C3 90 90  ....C.t....C....
> 90 90 90 90 90 90 90 90 90 90 90 90 8B 44 24 10  .............D$.
> 85 C0 75 10 8B 44 24 04 50 E8 FE 14 00 00 83 C4  ..u..D$.P.......
> 04 33 C0 C3 8B 4C 24 0C 50 51 E8 0D 00 00 00 83  .3...L$.PQ......
> C4 08 B8 01 00 00 00 C3 90 90 90 90 8B 44 24 08  .............D$.
> 8B C8 48 24 08 8B C8 48                          ..H$...H
> 
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> =+=+=+=+=+=+
> 
> [**] SHELLCODE x86 NOOP [**]
> 10/04-01:55:37.998818 0:50:4:65:52:2A -> 0:E0:81:2:EA:BD 
> type:0x800 len:0x24E
> 212.93.136.252:63842 -> xxx.xxx.xxx.xxx:80 TCP TTL:111 
> TOS:0x0 ID:50247
> IpLen:20 DgmLen:576 DF
> ***A**** Seq: 0x42F56F  Ack: 0xFCEEB102  Win: 0x860  TcpLen: 20
> 50 51 E8 F2 F8 FF FF 83 C4 08 C7 46 14 03 00 00  PQ.........F....
> 00 5E C3 90 90 90 90 90 90 56 8B 74 24 08 81 3E  .^.......V.t$..>
> FB 00 00 00 75 28 83 7E 10 27 75 22 83 3D 24 07  ....u(.~.'u".=$.
> 43 00 02 75 19 6A 24 68 FB 00 00 00 E8 B8 F8 FF  C..u.j$h........
> FF 83 C4 08 C7 05 24 07 43 00 00 00 00 00 6A 00  ......$.C.....j.
> 56 E8 03 FF FF FF 83 C4 08 5E C3 90 90 90 90 90  V........^......
> 90 90 90 90 90 90 90 90 90 8B 0D 34 68 43 00 81  ...........4hC..
> EC A4 08 00 00 8D 41 E8 53 56 83 F8 0F 57 0F 87  ......A.SV...W..
> C9 03 00 00 33 D2 8A 90 64 F1 40 00 FF 24 95 50  ....3...d.@..$.P
> F1 40 00 83 3D 30 68 43 00 01 0F 85 CE 00 00 00  .@..=0hC........
> A1 40 68 43 00 80 38 01 0F 85 C0 00 00 00 BF F4  .@hC..8.........
> 2F 44 00 83 C9 FF 33 C0 8D 94 24 B4 00 00 00 F2  /D....3...$.....
> AE F7 D1 2B F9 C6 84 24 B0 00 00 00 FF 8B C1 8B  ...+...$........
> F7 8B FA C6 84 24 B1 00 00 00 FA C1 E9 02 C6 84  .....$..........
> 24 B2 00 00 00 20 C6 84 24 B3 00 00 00 00 F3 A5  $.... ..$.......
> 8B C8 33 C0 83 E1 03 8B 15 3C 68 43 00 F3 A4 BF  ..3......<hC....
> F4 2F 44 00 83 C9 FF F2 AE F7 D1 83 C1 03 C6 84  ./D.............
> 0C B0 00 00 00 FF C6 84 0C B1 00 00 00 F0 83 C1  ................
> 02 51 8D 8C 24 B4 00 00 00 51 52 E8 79 12 00 00  .Q..$....QR.y...
> 83 C4 0C 68 34 0A 43 00 E8 DC A0 FF FF 83 C4 04  ...h4.C.........
> 8D 44 24 40 68 F4 2F 44 00 68 1C 0A 43 00 50 E8  .D$@h./D.h..C.P.
> 55 2D 01 00 83 C4 0C 8D 4C 24 40 51 E8 B8 A0 FF  U-......L$@Q....
> FF 83 C4 04 5F 5E 5B 81 C4 A4 08 00 00 C3 68 F8  ...._^[.......h.
> 09 43 00 E8 A1 A0 FF FF 83 C4 04 5F 5E 5B 81 C4  .C........._^[..
> A4 08 00 00 C3 83 3D 30 68 43 00 01 0F 85 CD 00  ......=0hC......
> 00 00 8B 15 40 68 43 00 80 3A 01 0F 85 BE 00 00  ....@hC..:......
> 00 A0 D4 2F 44 00 33 C9 84 C0 C6 84 24 B0 00 00  .../D.3.....$...
> 00 FF C6 84 24 B1 00 00 00 FA C6 84 24 B2 00 00  ....$.......$...
> 00 18 C6 84 24 B3 00 00 00 00 74 25 3C 61 7C 0C  ....$.....t%<a|.
> 3C 7A 7F 08 0F BE C0 83 E8 20 EB 03 0F BE C0 88  <z....... ......
> 84 0C B4 00 00 00 8A 81 D5 2F 44 00 41 84 C0 75  ........./D.A..u
> DB 8D B4 0C B4 00 00 00 83 C1 06 51 8D 84 24 B4  ...........Q..$.
> 00 00 00 C6 06 FF C6 84 0C B3 00 00 00 F0 8B 0D  ................
> 3C 68 43 00 50 51 E8 8E                          <hC.PQ..
> 
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> =+=+=+=+=+=+
> 
> [**] SHELLCODE x86 NOOP [**]
> 10/04-01:55:40.016927 0:50:4:65:52:2A -> 0:E0:81:2:EA:BD 
> type:0x800 len:0x24E
> 212.93.136.252:63842 -> xxx.xxx.xxx.xxx:80 TCP TTL:111 
> TOS:0x0 ID:56391
> IpLen:20 DgmLen:576 DF
> ***A**** Seq: 0x42EA5F  Ack: 0xFCEEB102  Win: 0x860  TcpLen: 20
> 00 8D 44 24 6C 68 00 00 00 80 81 E1 FF FF 00 00  ..D$lh..........
> 50 51 68 88 00 00 00 FF 15 18 66 44 00 6A 04 50  PQh.......fD.j.P
> A3 28 68 43 00 FF 15 30 66 44 00 5F 5E 5B 81 C4  .(hC...0fD._^[..
> B4 01 00 00 C3 8D 54 24 4C 52 50 FF 15 38 66 44  ......T$LRP..8fD
> 00 5F 5E 5B 81 C4 B4 01 00 00 C3 90 90 90 90 90  ._^[............
> 90 90 90 90 90 90 90 90 90 8B 44 24 08 83 EC 50  ..........D$...P
> 83 C0 FE 53 8B 5C 24 64 55 8B 6C 24 5C 56 3D 82  ...S.\$dU.l$\V=.
> 00 00 00 57 0F 87 A8 01 00 00 33 C9 8A 88 40 E4  ...W......3...@.
> 40 00 FF 24 8D 28 E4 40 00 B8 01 00 00 00 5F 5E  @..$.(.@......_^
> 5D 5B 83 C4 50 C2 10 00 8B 7C 24 64 8D 54 24 20  ][..P....|$d.T$ 
> 52 57 FF 15 04 67 44 00 8B 1D 40 64 44 00 8B F0  RW...gD...@dD...
> A1 20 68 43 00 50 56 FF D3 6A 07 FF 15 B4 64 44  . hC.PV..j....dD
> 00 50 56 FF D3 8B 0D 18 68 43 00 51 FF 15 54 64  .PV.....hC.Q..Td
> 44 00 50 56 89 44 24 74 FF D3 8D 54 24 10 52 57  D.PV.D$t...T$.RW
> 89 44 24 78 FF 15 14 66 44 00 8B 44 24 1C 8B 4C  .D$x...fD..D$..L
> 24 18 8B 54 24 14 50 8B 44 24 14 51 52 50 56 FF  $..T$.P.D$.QRPV.
> 15 58 64 44 00 57 FF 15 70 66 44 00 89 44 24 68  .XdD.W..pfD..D$h
> 40 50 89 44 24 68 E8 3E 21 00 00 8B 4C 24 68 83  @P.D$h.>!...L$h.
> C4 04 8B E8 51 55 57 FF 15 74 66 44 00 8B 15 1C  ....QUW..tfD....
> 68 43 00 52 56 FF 15 48 64 44 00 A1 18 68 43 00  hC.RV..HdD...hC.
> 50 56 FF 15 90 64 44 00 8B 4C 24 68 8B 54 24 14  PV...dD..L$h.T$.
> 8B 44 24 10 51 83 C2 03 55 83 C0 03 52 50 56 FF  .D$.Q...U...RPV.
> 15 5C 64 44 00 55 E8 7E 21 00 00 8B 4C 24 74 83  .\dD.U.~!...L$t.
> C4 04 51 56 FF D3 8B 54 24 6C 52 FF 15 84 64 44  ..QV...T$lR...dD
> 00 8D 44 24 20 50 57 FF 15 08 67 44 00 33 C0 5F  ..D$ PW...gD.3._
> 5E 5D 5B 83 C4 50 C2 10 00 83 C8 FF 5F 5E 5D 5B  ^][..P......_^][
> 83 C4 50 C2 10 00 8B 0D 20 68 43 00 51 FF 15 84  ..P..... hC.Q...
> 64 44 00 C7 05 20 68 43 00 00 00 00 00 EB 63 6A  dD... hC......cj
> 00 FF 15 88 64 44 00 8B 15 20 68 43 00 8B F0 52  ....dD... hC...R
> 56 FF 15 40 64 44 00 8D 44 24 10 8B FB 50 83 C9  V..@dD..D$...P..
> FF 33 C0 F2 AE F7 D1 49 51 53 56 FF 15 64 64 44  .3.....IQSV..ddD
> 00 6A 16 8B 4C 24 18 8B 54 24 14 83 C1 06 83 C2  .j..L$..T$......
> 06 51 52 6A 00 6A 00 6A 00 55 FF 15 F8 65 44 00  .QRj.j.j.U...eD.
> 6A 00 6A 00 55 FF 15 50                          j.j.U..P
> 
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> =+=+=+=+=+=+
> 
> [**] SHELLCODE x86 NOOP [**]
> 10/04-01:55:47.561147 0:50:4:65:52:2A -> 0:E0:81:2:EA:BD 
> type:0x800 len:0x24E
> 212.93.136.252:63842 -> xxx.xxx.xxx.xxx:80 TCP TTL:111 
> TOS:0x0 ID:35933
> IpLen:20 DgmLen:576 DF
> ***A**** Seq: 0x438417  Ack: 0xFCEEB102  Win: 0x860  TcpLen: 20
> 56 02 88 46 04 8B C1 8B D1 C1 E8 08 C1 EA 10 88  V..F............
> 46 06 8B 44 24 30 88 56 05 88 4E 07 83 C4 10 83  F..D$0.V..N.....
> C6 08 48 8B E9 89 44 24 20 0F 85 62 FF FF FF 89  ..H...D$ ..b....
> BB 48 10 00 00 5F 89 AB 4C 10 00 00 5E 5D 5B 83  .H..._..L...^][.
> C4 08 C3 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
> 90 8B 44 24 08 8B 4C 24 04 68 10 7E 43 00 50 51  ..D$..L$.h.~C.PQ
> E8 0C 00 00 00 83 C4 0C C3 90 90 90 90 90 90 90  ................
> 90 8A 44 24 08 83 EC 0C A8 07 53 55 56 57 74 17  ..D$......SUVWt.
> 68 7D 01 00 00 68 AC 1B 43 00 68 18 1A 43 00 E8  h}...h..C.h..C..
> 1D B2 00 00 83 C4 0C 8B 44 24 28 8B 88 4C 10 00  ........D$(..L..
> 00 8B 98 48 10 00 00 89 4C 24 10 8B 4C 24 24 85  ...H....L$..L$$.
> C9 0F 8E BA 00 00 00 8B 74 24 20 83 C1 07 C1 E9  ........t$ .....
> 03 89 4C 24 24 33 D2 33 C9 8A 36 8A 4E 02 8A 56  ..L$$3.3..6.N..V
> 01 50 C1 E2 08 0B D1 33 C9 8A 4E 03 C1 E2 08 0B  .P.....3..N.....
> D1 33 C9 8A 4E 06 8B FA 33 D2 8A 76 04 8A 56 05  .3..N...3..v..V.
> C1 E2 08 0B D1 33 C9 8A 4E 07 C1 E2 08 0B D1 8B  .....3..N.......
> EA 8D 54 24 18 52 55 57 E8 B4 F9 FF FF 8B 54 24  ..T$.RUW......T$
> 24 8B 44 24 20 8B 4C 24 28 33 DA 33 C1 8B CB 8B  $.D$ .L$(3.3....
> D3 88 5E 03 C1 E9 18 C1 EA 10 88 0E 88 56 01 8B  ..^..........V..
> CB 8B D0 C1 E9 08 C1 EA 18 88 4E 02 88 56 04 8B  ..........N..V..
> C8 8B D0 C1 E9 10 C1 EA 08 88 46 07 8B 44 24 34  ..........F..D$4
> 88 4E 05 88 56 06 83 C4 10 83 C6 08 48 8B DF 89  .N..V.......H...
> 44 24 24 8B 44 24 28 89 6C 24 10 0F 85 54 FF FF  D$$.D$(.l$...T..
> FF 8B 4C 24 10 5F 5E 89 98 48 10 00 00 5D 89 88  ..L$._^..H...]..
> 4C 10 00 00 5B 83 C4 0C C3 90 90 90 90 90 90 90  L...[...........
> 90 81 EC 48 02 00 00 8D 44 24 00 53 56 57 68 07  ...H....D$.SVWh.
> 01 00 00 50 FF 15 4C 65 44 00 BF DC 1B 43 00 83  ...P..LeD....C..
> C9 FF 33 C0 8D 54 24 0C F2 AE F7 D1 2B F9 8B F7  ..3..T$.....+...
> 8B D9 8B FA 83 C9 FF F2 AE 8B CB 4F C1 E9 02 F3  ...........O....
> A5 8B CB 8D 84 24 14 01 00 00 83 E1 03 50 F3 A4  .....$.......P..
> 8D 4C 24 10 51 FF 15 34 65 44 00 8B BC 24 58 02  .L$.Q..4eD...$X.
> 00 00 8B F0 83 FE FF 74 2E 8B 1D 38 65 44 00 8D  .......t...8eD..
> 94 24 14 01 00 00 68 40 01 00 00 52 FF D7 83 C4  .$....h@...R....
> 08 8D 84 24 14 01 00 00                          ...$....
> 
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> =+=+=+=+=+=+
> 
> [**] SHELLCODE x86 NOOP [**]
> 10/04-01:55:55.535563 0:50:4:65:52:2A -> 0:E0:81:2:EA:BD 
> type:0x800 len:0x24E
> 212.93.136.252:63842 -> xxx.xxx.xxx.xxx:80 TCP TTL:111 TOS:0x0 ID:9856
> IpLen:20 DgmLen:576 DF
> ***A**** Seq: 0x43F56F  Ack: 0xFCEEB102  Win: 0x860  TcpLen: 20
> 4C 02 FE 8A 0D 88 A4 43 00 A1 98 A4 43 00 8B 15  L......C....C...
> 90 A4 43 00 2A C8 88 4C 02 FF C3 90 90 90 90 90  ..C.*..L........
> 90 90 90 90 90 90 90 90 90 8B 4C 24 04 8D 44 24  ..........L$..D$
> 04 56 50 51 E8 B0 00 00 00 83 C4 08 8B F0 E8 36  .VPQ...........6
> FF FF FF 8B 54 24 08 52 56 E8 1B 00 00 00 83 C4  ....T$.RV.......
> 08 56 E8 82 17 FF FF 83 C4 04 5E C3 90 90 90 90  .V........^.....
> 90 90 90 90 90 90 90 90 90 8B 44 24 08 8B 4C 24  ..........D$..L$
> 04 50 51 E8 01 FE FF FF 8B 15 88 A4 43 00 A1 98  .PQ.........C...
> A4 43 00 8B 0D 90 A4 43 00 2B D0 C1 FA 18 88 54  .C.....C.+.....T
> 01 FC 8B 15 88 A4 43 00 A1 98 A4 43 00 8B 0D 90  ......C....C....
> A4 43 00 2B D0 83 C4 08 C1 FA 10 88 54 01 FD 8B  .C.+........T...
> 15 88 A4 43 00 A1 98 A4 43 00 8B 0D 90 A4 43 00  ...C....C.....C.
> 2B D0 C1 FA 08 88 54 01 FE 8A 15 88 A4 43 00 A1  +.....T......C..
> 98 A4 43 00 8B 0D 90 A4 43 00 2A D0 88 54 01 FF  ..C.....C.*..T..
> C3 90 90 90 90 90 90 90 90 53 8B 5C 24 08 55 56  .........S.\$.UV
> 57 33 FF 66 8B 3B 8D 2C 3F 8D 45 01 50 E8 47 16  W3.f.;.,?.E.P.G.
> FF FF 8B F0 83 C4 04 85 F6 75 0D 68 80 27 43 00  .........u.h.'C.
> E8 C4 65 FE FF 83 C4 04 85 FF C6 06 00 7E 1D 8D  ..e..........~..
> 46 02 8D 0C 2B 33 D2 83 C0 02 8A 51 01 83 E9 02  F...+3.....Q....
> 88 50 FD 8A 51 02 88 50 FE 4F 75 E9 8A 0E 33 C0  .P..Q..P.Ou...3.
> 84 C9 75 11 B1 80 84 4C 30 01 75 09 8A 54 30 01  ..u....L0.u..T0.
> 40 84 D2 74 F1 2B E8 03 C6 8D 7D 01 57 50 56 E8  @..t.+....}.WPV.
> B5 2D 00 00 8B 44 24 24 83 C4 0C 89 38 8B C6 5F  .-...D$$....8.._
> 5E 5D 5B C3 90 90 90 90 90 A1 50 A4 43 00 83 EC  ^][.......P.C...
> 08 85 C0 53 56 74 51 8D 4C 24 0C 8D 54 24 08 51  ...SVtQ.L$..T$.Q
> 8B 0D 88 A4 43 00 52 8B 15 90 A4 43 00 83 C1 FB  ....C.R....C....
> 83 C2 05 51 52 FF 50 08 83 C4 10 85 C0 74 29 8B  ...QR.P......t).
> 44 24 0C 8B 4C 24 08 50 51 C7 05 88 A4 43 00 05  D$..L$.PQ....C..
> 00 00 00 E8 B1 FC FF FF 8B 54 24 10 83 C4 08 52  .........T$....R
> E8 04 16 FF FF 83 C4 04 A1 3C A4 43 00 85 C0 74  .........<.C...t
> 05 8B 48 20 EB 05 B9 08 00 00 00 83 F9 08 7D 05  ..H ..........}.
> B9 08 00 00 00 A1 88 A4 43 00 33 F6 83 C0 04 99  ........C.3.....
> F7 F9 8B C1 2B C2 99 F7 F9 8B 0D 90 A4 43 00 8B  ....+........C..
> DA 83 C3 04 85 DB 88 59                          .......Y
> 
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> =+=+=+=+=+=+
> 
> [**] SHELLCODE x86 NOOP [**]
> 10/04-01:55:58.581281 0:50:4:65:52:2A -> 0:E0:81:2:EA:BD 
> type:0x800 len:0x24E
> 212.93.136.252:63842 -> xxx.xxx.xxx.xxx:80 TCP TTL:111 
> TOS:0x0 ID:16512
> IpLen:20 DgmLen:576 DF
> ***A**** Seq: 0x442A5F  Ack: 0xFCEEB102  Win: 0x860  TcpLen: 20
> 00 50 E8 32 00 00 00 83 C4 0C C3 90 90 90 90 90  .P.2............
> 90 90 90 90 90 90 90 90 90 8B 44 24 04 6A 00 6A  ..........D$.j.j
> 01 50 E8 12 00 00 00 83 C4 0C C3 90 90 90 90 90  .P..............
> 90 90 90 90 90 90 90 90 90 A1 F8 26 44 00 53 55  ...........&D.SU
> 8B 6C 24 0C 83 F8 01 56 75 0E 55 FF 15 24 65 44  .l$....Vu.U..$eD
> 00 50 FF 15 08 65 44 00 8B 44 24 14 8B 5C 24 18  .P...eD..D$..\$.
> 85 C0 C7 05 F4 26 44 00 01 00 00 00 88 1D F0 26  .....&D........&
> 44 00 75 3E 8B 0D 08 52 44 00 85 C9 74 22 8B 35  D.u>...RD...t".5
> 04 52 44 00 83 EE 04 3B F1 72 15 8B 06 85 C0 74  .RD....;.r.....t
> 08 FF D0 8B 0D 08 52 44 00 83 EE 04 3B F1 73 EB  ......RD....;.s.
> 68 1C E0 42 00 68 14 E0 42 00 E8 3A 00 00 00 83  h..B.h..B..:....
> C4 08 68 24 E0 42 00 68 20 E0 42 00 E8 28 00 00  ..h$.B.h .B..(..
> 00 83 C4 08 85 DB 75 11 55 C7 05 F8 26 44 00 01  ......u.U...&D..
> 00 00 00 FF 15 0C 65 44 00 5E 5D 5B C3 90 90 90  ......eD.^][....
> 90 90 90 90 90 90 90 90 90 56 8B 74 24 08 57 8B  .........V.t$.W.
> 7C 24 10 3B F7 73 0F 8B 06 85 C0 74 02 FF D0 83  |$.;.s.....t....
> C6 04 3B F7 72 F1 5F 5E C3 A1 38 27 44 00 83 EC  ..;.r._^..8'D...
> 08 85 C0 53 75 1E 8B 44 24 10 83 F8 41 0F 8C DD  ...Su..D$...A...
> 00 00 00 83 F8 5A 0F 8F D4 00 00 00 83 C0 20 5B  .....Z........ [
> 83 C4 08 C3 8B 5C 24 10 81 FB 00 01 00 00 7D 2C  .....\$.......},
> 83 3D 9C 2C 43 00 01 7E 0D 6A 01 53 E8 F8 00 00  .=.,C..~.j.S....
> 00 83 C4 08 EB 0B A1 90 2A 43 00 8A 04 58 83 E0  ........*C...X..
> 01 85 C0 75 07 8B C3 5B 83 C4 08 C3 8B 15 90 2A  ...u...[.......*
> 43 00 8B C3 C1 F8 08 8B C8 81 E1 FF 00 00 00 F6  C...............
> 44 4A 01 80 74 14 88 44 24 10 88 5C 24 11 C6 44  DJ..t..D$..\$..D
> 24 12 00 B8 02 00 00 00 EB 0E 88 5C 24 10 C6 44  $..........\$..D
> 24 11 00 B8 01 00 00 00 6A 00 8D 4C 24 08 6A 03  $.......j..L$.j.
> 51 8D 54 24 1C 50 A1 38 27 44 00 52 68 00 01 00  Q.T$.P.8'D.Rh...
> 00 50 E8 72 32 00 00 83 C4 1C 85 C0 75 07 8B C3  .P.r2.......u...
> 5B 83 C4 08 C3 83 F8 01 75 0E 8B 44 24 04 25 FF  [.......u..D$.%.
> 00 00 00 5B 83 C4 08 C3 8B 44 24 05 8B 4C 24 04  ...[.....D$..L$.
> 25 FF 00 00 00 81 E1 FF 00 00 00 C1 E0 08 0B C1  %...............
> 5B 83 C4 08 C3 90 90 90 90 55 8B EC 56 33 C0 50  [........U..V3.P
> 50 50 50 50 50 50 50 8B                          PPPPPPP.
> 
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> =+=+=+=+=+=+
> 
> [**] SHELLCODE x86 NOOP [**]
> 10/04-01:56:01.991104 0:50:4:65:52:2A -> 0:E0:81:2:EA:BD 
> type:0x800 len:0x24E
> 212.93.136.252:63842 -> xxx.xxx.xxx.xxx:80 TCP TTL:111 
> TOS:0x0 ID:59781
> IpLen:20 DgmLen:576 DF
> ***A**** Seq: 0x445DCF  Ack: 0xFCEEB102  Win: 0x860  TcpLen: 20
> 83 C4 08 EB 0F 8B 74 24 08 A1 90 2A 43 00 8A 04  ......t$...*C...
> 70 83 E0 04 85 C0 75 06 83 E6 DF 83 EE 07 8B C6  p.....u.........
> 5E C3 90 90 90 90 90 90 90 8B 4C 24 04 8B 41 04  ^.........L$..A.
> 48 89 41 04 78 0A 8B 11 33 C0 8A 02 42 89 11 C3  H.A.x...3...B...
> 51 E8 33 20 00 00 83 C4 04 C3 90 90 90 90 90 90  Q.3 ............
> 90 90 90 90 90 90 90 90 90 8B 44 24 04 83 F8 FF  ..........D$....
> 74 0E 8B 4C 24 08 51 50 E8 BC 31 00 00 83 C4 08  t..L$.QP..1.....
> C3 90 90 90 90 90 90 90 90 53 8B 5C 24 0C 56 57  .........S.\$.VW
> 8B 7C 24 10 53 FF 07 E8 9D FF FF FF 83 C4 04 8B  .|$.S...........
> F0 56 E8 42 31 00 00 83 C4 04 85 C0 74 1D 8B 37  .V.B1.......t..7
> 53 46 89 37 E8 80 FF FF FF 83 C4 04 8B F0 56 E8  SF.7..........V.
> 25 31 00 00 83 C4 04 85 C0 75 E3 8B C6 5F 5E 5B  %1.......u..._^[
> C3 90 90 90 90 90 90 90 90 A1 2C 27 44 00 53 8B  ..........,'D.S.
> 1D D4 64 44 00 55 56 57 85 C0 75 49 6A 00 6A 00  ..dD.UVW..uIj.j.
> 6A 01 68 E8 A4 43 00 68 00 01 00 00 6A 00 FF D3  j.h..C.h....j...
> 85 C0 74 07 B8 02 00 00 00 EB 25 6A 00 6A 00 6A  ..t.......%j.j.j
> 01 68 D4 DB 42 00 68 00 01 00 00 6A 00 FF 15 D0  .h..B.h....j....
> 64 44 00 85 C0 0F 84 C3 01 00 00 B8 01 00 00 00  dD..............
> A3 2C 27 44 00 8B 74 24 20 85 F6 7E 17 8B 7C 24  .,'D..t$ ..~..|$
> 1C 56 57 E8 B1 01 00 00 8B F0 A1 2C 27 44 00 83  .VW........,'D..
> C4 08 EB 04 8B 7C 24 1C 83 F8 02 75 1D 8B 44 24  .....|$....u..D$
> 28 8B 4C 24 24 8B 54 24 18 50 8B 44 24 18 51 56  (.L$$.T$.P.D$.QV
> 57 52 50 FF D3 5F 5E 5D 5B C3 83 F8 01 0F 85 D2  WRP.._^][.......
> 00 00 00 8B 6C 24 2C C7 44 24 20 00 00 00 00 85  ....l$,.D$ .....
> ED 75 0C 8B 0D 48 27 44 00 89 4C 24 2C 8B E9 6A  .u...H'D..L$,..j
> 00 6A 00 56 57 6A 09 55 FF 15 DC 64 44 00 8B F8  .j.VWj.U...dD...
> 85 FF 75 05 5F 5E 5D 5B C3 8D 14 3F 52 E8 E7 D0  ..u._^][...?R...
> FF FF 8B D8 83 C4 04 85 DB 75 05 5F 5E 5D 5B C3  .........u._^][.
> 8B 44 24 1C 57 53 56 50 6A 01 55 FF 15 DC 64 44  .D$.WSVPj.U...dD
> 00 85 C0 0F 84 EF 00 00 00 8B 6C 24 18 8B 4C 24  ..........l$..L$
> 14 6A 00 6A 00 57 53 55 51 FF 15 D0 64 44 00 8B  .j.j.WSUQ...dD..
> F0 85 F6 0F 84 CF 00 00 00 F7 C5 00 04 00 00 74  ...............t
> 49 8B 44 24 28 85 C0 74 24 3B F0 0F 8F B7 00 00  I.D$(..t$;......
> 00 8B 54 24 24 50 8B 44                          ..T$$P.D
> 
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> =+=+=+=+=+=+
> 
> [**] SHELLCODE x86 NOOP [**]
> 10/04-01:56:02.762176 0:50:4:65:52:2A -> 0:E0:81:2:EA:BD 
> type:0x800 len:0x24E
> 212.93.136.252:63842 -> xxx.xxx.xxx.xxx:80 TCP TTL:111 
> TOS:0x0 ID:61573
> IpLen:20 DgmLen:576 DF
> ***A**** Seq: 0x446C77  Ack: 0xFCEEB102  Win: 0x860  TcpLen: 20
> 41 80 38 00 74 F9 3B CA 73 1E 2B D9 3B DA 72 4C  A.8.t.;.s.+.;.rL
> 8B F0 EB 07 25 FF 00 00 00 03 F0 3B 74 24 14 72  ....%......;t$.r
> BD 33 C0 5F 5E 5D 5B C3 8D 04 16 8D 9F F8 00 00  .3._^][.........
> 00 3B C3 73 09 2B CA 89 07 89 4F 04 EB 09 89 2F  .;.s.+....O..../
> C7 47 04 00 00 00 00 8D 04 7F 88 16 8D 14 80 8D  .G..............
> 46 08 C1 E0 04 2B C2 5F 5E 5D 5B C3 5F 5E 5D 33  F....+._^][._^]3
> C0 5B C3 90 90 90 90 90 90 90 90 90 90 90 90 90  .[..............
> 90 8B 4C 24 04 53 55 8B 6C 24 10 56 57 8B 79 10  ..L$.SU.l$.VW.y.
> 8B D5 2B D7 8B 7C 24 1C C1 FA 0C 8B 5C 24 20 33  ..+..|$.....\$ 3
> C0 8D 4C D1 18 33 D2 8A 17 89 4C 24 18 8B F2 3B  ..L..3....L$...;
> F3 76 1B 88 1F 8B 01 2B F3 C7 41 04 F1 00 00 00  .v.....+..A.....
> 03 C6 89 01 B8 01 00 00 00 5F 5E 5D 5B C3 73 70  ........._^][.sp
> 8D 0C 3B 8D 95 F8 00 00 00 3B CA 77 63 8D 14 3E  ..;......;.wc..>
> 3B D1 73 0C 80 3A 00 75 05 42 3B D1 72 F6 3B D1  ;.s..:.u.B;.r.;.
> 75 4E 88 1F 8B 45 00 3B F8 77 34 3B C8 76 30 8D  uN...E.;.w4;.v0.
> 85 F8 00 00 00 3B C8 73 19 89 4D 00 8A 11 33 C0  .....;.s..M...3.
> 84 D2 75 09 8A 54 08 01 40 84 D2 74 F7 89 45 04  ..u..T..@..t..E.
> EB 0D 8D 45 08 C7 45 04 00 00 00 00 89 45 00 8B  ...E..E......E..
> 44 24 18 2B F3 8B 08 03 CE 89 08 B8 01 00 00 00  D$.+............
> 5F 5E 5D 5B C3 90 90 90 90 90 90 90 90 90 90 90  _^][............
> 90 8B 44 24 04 8B 0D E0 41 44 00 3B C1 73 3F 8B  ..D$....AD.;.s?.
> C8 8B D0 C1 F9 05 83 E2 1F 8B 0C 8D E0 40 44 00  .............@D.
> F6 44 D1 04 01 74 27 50 E8 54 2F 00 00 83 C4 04  .D...t'P.T/.....
> 50 FF 15 8C 65 44 00 85 C0 75 08 FF 15 F0 64 44  P...eD...u....dD
> 00 EB 02 33 C0 85 C0 74 12 A3 B4 26 44 00 C7 05  ...3...t...&D...
> B0 26 44 00 09 00 00 00 83 C8 FF C3 90 90 90 90  .&D.............
> 90 8B 44 24 04 8B 0D E0 41 44 00 81 EC 1C 04 00  ..D$....AD......
> 00 3B C1 53 55 56 57 0F 83 91 01 00 00 8B C8 8B  .;.SUVW.........
> F0 C1 F9 05 83 E6 1F 8B 14 8D E0 40 44 00 8D 3C  ...........@D..<
> 8D E0 40 44 00 C1 E6 03 89 7C 24 24 89 74 24 14  ..@D.....|$$.t$.
> 8A 4C 16 04 F6 C1 01 0F 84 61 01 00 00 8B 9C 24  .L.......a.....$
> 38 04 00 00 33 ED 3B DD 89 6C 24 10 89 6C 24 20  8...3.;..l$..l$ 
> 75 0D 33 C0 5F 5E 5D 5B 81 C4 1C 04 00 00 C3 F6  u.3._^][........
> C1 20 74 0C 6A 02 55 50                          . t.j.UP
> 
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> =+=+=+=+=+=+
> 
> [**] SHELLCODE x86 NOOP [**]
> 10/04-01:56:03.631988 0:50:4:65:52:2A -> 0:E0:81:2:EA:BD 
> type:0x800 len:0x24E
> 212.93.136.252:63842 -> xxx.xxx.xxx.xxx:80 TCP TTL:111 
> TOS:0x0 ID:63877
> IpLen:20 DgmLen:576 DF
> ***A**** Seq: 0x447DCF  Ack: 0xFCEEB102  Win: 0x860  TcpLen: 20
> 83 C8 FF 5F 5E 5D 5B C3 33 C0 5F 5E 5D 5B C3 5F  ..._^][.3._^][._
> 5E 5D C7 05 B0 26 44 00 09 00 00 00 C7 05 B4 26  ^]...&D........&
> 44 00 00 00 00 00 83 C8 FF 5B C3 90 90 90 90 90  D........[......
> 90 90 90 90 90 90 90 90 90 56 8B 74 24 08 8B 46  .........V.t$..F
> 0C A8 83 74 25 A8 08 74 21 8B 46 08 50 E8 97 B4  ...t%..t!.F.P...
> FF FF 8B 46 0C 83 C4 04 25 F7 FB FF FF 89 46 0C  ...F....%.....F.
> 33 C0 89 06 89 46 08 89 46 04 5E C3 90 90 90 90  3....F..F.^.....
> 90 90 90 90 90 90 90 90 90 56 8B 74 24 08 57 8B  .........V.t$.W.
> 46 0C A8 83 0F 84 D5 00 00 00 A8 40 0F 85 CD 00  F..........@....
> 00 00 A8 02 74 0B 0C 20 89 46 0C 83 C8 FF 5F 5E  ....t.. .F...._^
> C3 0C 01 A9 0C 01 00 00 89 46 0C 75 0B 56 E8 06  .........F.u.V..
> FD FF FF 83 C4 04 EB 05 8B 46 08 89 06 8B 4E 18  .........F....N.
> 8B 56 08 8B 46 10 51 52 50 E8 9B 00 00 00 83 C4  .V..F.QRP.......
> 0C 89 46 04 85 C0 74 6E 83 F8 FF 74 69 8B 56 0C  ..F...tn...ti.V.
> F6 C2 82 75 32 8B 4E 10 83 F9 FF 74 14 8B F9 C1  ...u2.N....t....
> FF 05 83 E1 1F 8B 3C BD E0 40 44 00 8D 3C CF EB  ......<..@D..<..
> 05 BF B0 51 43 00 8A 4F 04 80 E1 82 80 F9 82 75  ...QC..O.......u
> 06 80 CE 20 89 56 0C 81 7E 18 00 02 00 00 75 14  ... .V..~.....u.
> 8B 4E 0C F6 C1 08 74 0C F6 C5 04 75 07 C7 46 18  .N....t....u..F.
> 00 10 00 00 48 33 D2 89 46 04 8B 06 8A 10 40 89  ....H3..F.....@.
> 06 8B C2 5F 5E C3 8B 4E 0C C7 46 04 00 00 00 00  ..._^..N..F.....
> F7 D8 1B C0 83 E0 10 83 C0 10 0B C8 89 4E 0C 5F  .............N._
> 83 C8 FF 5E C3 90 90 90 90 A1 E0 41 44 00 83 EC  ...^.......AD...
> 0C 53 8B 5C 24 14 55 56 3B D8 57 0F 83 1D 02 00  .S.\$.UV;.W.....
> 00 8B C3 83 E3 1F C1 F8 05 C1 E3 03 8B 0C 85 E0  ................
> 40 44 00 8D 34 85 E0 40 44 00 89 74 24 14 8D 04  @D..4..@D..t$...
> 0B 89 44 24 10 8A 50 04 F6 C2 01 0F 84 ED 01 00  ..D$..P.........
> 00 8B 4C 24 28 8B 7C 24 24 33 ED 8B C7 85 C9 0F  ..L$(.|$$3......
> 84 CF 01 00 00 F6 C2 02 0F 85 C6 01 00 00 F6 C2  ................
> 48 74 1E 8B 54 24 10 8A 52 05 80 FA 0A 74 12 88  Ht..T$..R....t..
> 17 8B 16 8D 47 01 BD 01 00 00 00 49 C6 44 13 05  ....G......I.D..
> 0A 8D 54 24 10 6A 00 52 51 50 8B 06 8B 0C 03 51  ..T$.j.RQP.....Q
> FF 15 54 65 44 00 85 C0 75 48 FF 15 F0 64 44 00  ..TeD...uH...dD.
> 83 F8 05 75 1A A3 B4 26                          ...u...&
> 
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> =+=+=+=+=+=+
> 
> 
> 
> 
> --------------------------------------------------------------
> --------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management 
> and tracking system please see: http://aris.securityfocus.com
> 

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Next message: VanMeter, John: "virus/worm threats"
Previous message: Guy Poizat: "Automated scan-for-webserver-vulns tool ?"
Maybe in reply to: Dan Terhesiu: "SHELLCODE x86 NOOP"
Next in thread: Michal Nazarewicz: "Re: SHELLCODE x86 NOOP"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This archive was generated by hypermail 2b30 : Thu Oct 04 2001 - 08:57:53 PDT