Re: SHELLCODE x86 NOOP

From: foobat_private
Date: Fri Oct 05 2001 - 03:33:59 PDT


    It's detecting the 0x90's in the packet,
    it seems like a bit of a useless rule, as there are
    many ways of performing nops:
    "PZPZPZPZPZ" is a push/pop combination which is equiv.
    to a nop iirc.
    
    The interesting point is that this data looks to be 
    headed towards the server - why is the client sending 
    non-ascii data - only a POST of an image or something
    would make sense. The actual server logs should
    mention the method that ip address used.
    
    hth
    
    On Thu, 4 Oct 2001, Michal Nazarewicz wrote:
    
    > 
    > Hi,
    > 
    > I've had the same issue once - and I've discovered this to be one of gif/png
    > files on our web server. So it's a false positive, and I believe one could
    > remove this from his snort configuration. It's nothing important and was a
    > headache for me (until I removed that line).
    > 
    > Greetings,
    > 	Michal 'CeFeK' Nazarewicz
    > 	EXPLOITed systems
    > 	+48 60? 4 CEFEK
    > 	www.nazarewicz.pl
    > 
    > > -----Original Message-----
    > > From: Steve Halligan [mailto:agent33at_private]
    > > Sent: Thursday, October 04, 2001 5:50 PM
    > > To: 'Dan Terhesiu'; incidentsat_private
    > > Subject: RE: SHELLCODE x86 NOOP
    > >
    > >
    > > The .ida alert in this case is a misfiring alert.  It triggered on the
    > > .idata in the payload of this packet.  This NOOP alert is more interesting
    > > (in fact the packet that caused the .ida misfire would have triggered a
    > > NOOP alert if it hadn't triggered the ida alert.)  This NOOP could be
    > > something bad, or it could be someone doing an HTTP download of a binary
    > > from your webserver.  Do you have any binaries for download?  Keep in mind
    > > that a binary attachment to an email could trigger this if you are running
    > > a web-based email system.
    > >
    > > -Steve
    > >
    > > > -----Original Message-----
    > > > From: Dan Terhesiu [mailto:danteat_private]
    > > > Sent: Thursday, October 04, 2001 4:33 AM
    > > > To: incidentsat_private
    > > > Subject: SHELLCODE x86 NOOP
    > > >
    > > >
    > > >
    > > > 	Hello to all of you.
    > > >
    > > > 	I've seen this morning several (approx. 82, as reported by snort)
    > > > alerts containing "SHELLCODE x86 NOOP". Almost all the connections
    > > > begin with a "WEB-IIS ISAPI .ida access" alert. I've searched on google
    > > > about this x86 SHELLCODE, but there is nothing about :80 port there.
    > > > Because I'm new to this field, I'm asking for your help: is this
    > > > something I should worry about?
    > > >
    > > > 	Thank you for any help.
    > > >
    > > >
    > > > 	Here is an example from my alert log:
    > > >
    > > > [**] WEB-IIS ISAPI .ida access [**]
    > > > 10/04-01:55:24.944782 0:50:4:65:52:2A -> 0:E0:81:2:EA:BD
    > > > type:0x800 len:0x24E
    > > > 212.93.136.252:63842 -> xxx.xxx.xxx.xxx:80 TCP TTL:111
    > > > TOS:0x0 ID:53830
    > > > IpLen:20 DgmLen:576 DF
    > > > ***A**** Seq: 0x42156F  Ack: 0xFCEEB102  Win: 0x860  TcpLen: 20
    > > > 00 00 00 00 00 00 00 00 00 00 60 04 00 A0 00 00  ..........`.....
    > > > 00 00 80 04 00 1C 1D 00 00 00 00 00 00 00 00 00  ................
    > > > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    > > > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    > > > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    > > > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    > > > 00 18 64 04 00 78 03 00 00 00 00 00 00 00 00 00  ..d..x..........
    > > > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    > > > 00 2E 74 65 78 74 00 00 00 96 91 02 00 00 10 00  ..text..........
    > > > 00 00 92 02 00 00 04 00 00 00 00 00 00 00 00 00  ................
    > > > 00 00 00 00 00 20 00 00 60 2E 72 64 61 74 61 00  ..... ..`.rdata.
    > > > 00 FB 2E 00 00 00 B0 02 00 00 30 00 00 00 96 02  ..........0.....
    > > > 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00  .............@..
    > > > 40 2E 64 61 74 61 00 00 00 10 72 01 00 00 E0 02  @.data....r.....
    > > > 00 00 76 00 00 00 C6 02 00 00 00 00 00 00 00 00  ..v.............
    > > > 00 00 00 00 00 40 00 00 C0 2E 69 64 61 74 61 00  .....@....idata.
    > > > 00 F2 14 00 00 00 60 04 00 00 16 00 00 00 3C 03  ......`.......<.
    > > > 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00  .............@..
    > > > C0 2E 72 73 72 63 00 00 00 1C 1D 00 00 00 80 04  ..rsrc..........
    > > > 00 00 1E 00 00 00 52 03 00 00 00 00 00 00 00 00  ......R.........
    > > > 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00  .....@..@.......
    > > > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    > > > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    > > > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    > > > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    > > > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    > > > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    > > > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    > > > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    > > > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    > > > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    > > > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    > > > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    > > > 00 00 00 00 00 00 00 00                          ........
    > > >
    > > > =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
    > > > =+=+=+=+=+=+
    > > >
    > > > [**] SHELLCODE x86 NOOP [**]
    > > > 10/04-01:55:36.942082 0:50:4:65:52:2A -> 0:E0:81:2:EA:BD
    > > > type:0x800 len:0x24E
    > > > 212.93.136.252:63842 -> xxx.xxx.xxx.xxx:80 TCP TTL:111
    > > > TOS:0x0 ID:44615
    > > > IpLen:20 DgmLen:576 DF
    > > > ***A**** Seq: 0x42E847  Ack: 0xFCEEB102  Win: 0x860  TcpLen: 20
    > > > C3 8B 4C 24 04 81 E1 FF 00 00 00 8A 81 B0 01 43  ..L$...........C
    > > > 00 C3 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
    > > > 90 A1 4C 38 44 00 85 C0 74 10 8B 44 24 04 25 FF  ..L8D...t..D$.%.
    > > > 00 00 00 8A 80 B0 00 43 00 C3 A1 50 38 44 00 85  .......C...P8D..
    > > > C0 74 11 8B 4C 24 04 81 E1 FF 00 00 00 8A 81 B0  .t..L$..........
    > > > 02 43 00 C3 A1 54 38 44 00 85 C0 74 11 8B 54 24  .C...T8D...t..T$
    > > > 04 81 E2 FF 00 00 00 8A 82 B0 03 43 00 C3 8A 44  ...........C...D
    > > > 24 04 C3 90 90 90 90 90 90 90 90 90 90 90 90 90  $...............
    > > > 90 A1 58 38 44 00 85 C0 74 10 8B 44 24 04 25 FF  ..X8D...t..D$.%.
    > > > 00 00 00 8A 80 B0 05 43 00 C3 8A 44 24 04 C3 90  .......C...D$...
    > > > 90 A1 2C 68 43 00 81 EC B4 01 00 00 53 33 DB 56  ..,hC.......S3.V
    > > > 3B C3 57 0F 84 A0 01 00 00 39 1D 28 68 43 00 0F  ;.W......9.(hC..
    > > > 85 A6 00 00 00 66 39 1D 24 68 43 00 75 4A A1 BC  .....f9.$hC.uJ..
    > > > 40 44 00 8D 4C 24 14 51 C7 44 24 18 03 00 00 00  @D..L$.Q.D$.....
    > > > C7 44 24 1C 40 E2 40 00 89 5C 24 20 89 5C 24 24  .D$.@.@..\$ .\$$
    > > > 89 44 24 28 89 5C 24 2C 89 5C 24 30 89 5C 24 34  .D$(.\$,.\$0.\$4
    > > > 89 5C 24 38 C7 44 24 3C B8 06 43 00 FF 15 28 66  .\$8.D$<..C...(f
    > > > 44 00 66 A3 24 68 43 00 8B 35 78 66 44 00 6A 18  D.f.$hC..5xfD.j.
    > > > FF D6 6A 17 A3 18 68 43 00 FF D6 8D 54 24 6C A3  ..j...hC....T$l.
    > > > 1C 68 43 00 53 B9 55 00 00 00 33 C0 8D 7C 24 70  .hC.S.U...3..|$p
    > > > 52 68 54 01 00 00 F3 AB 6A 29 C7 44 24 7C 54 01  RhT.....j).D$|T.
    > > > 00 00 FF 15 7C 66 44 00 8D 84 24 48 01 00 00 50  ....|fD...$H...P
    > > > FF 15 60 64 44 00 A3 20 68 43 00 8B 8C 24 CC 01  ..`dD.. hC...$..
    > > > 00 00 8B 94 24 C8 01 00 00 51 52 8D 44 24 54 68  ....$....QR.D$Th
    > > > B0 06 43 00 50 E8 47 3A 01 00 A1 28 68 43 00 83  ..C.P.G:...(hC..
    > > > C4 10 3B C3 0F 85 B3 00 00 00 53 FF 15 88 64 44  ..;.......S...dD
    > > > 00 8D 4C 24 0C 8B F0 51 8D 7C 24 50 83 C9 FF 33  ..L$...Q.|$P...3
    > > > C0 F2 AE F7 D1 49 8D 54 24 50 51 52 56 FF 15 64  .....I.T$PQRV..d
    > > > 64 44 00 56 FF 15 A0 64 44 00 8B 8C 24 C4 01 00  dD.V...dD...$...
    > > > 00 8D 44 24 3C 50 51 FF 15 20 66 44 00 8B 44 24  ..D$<PQ.. fD..D$
    > > > 3C 83 F8 10 8B C8 7D 05 B9 10 00 00 00 8B 44 24  <.....}.......D$
    > > > 40 8B 54 24 10 2B C2 83 F8 10 7D 05 B8 10 00 00  @.T$.+....}.....
    > > > 00 8B 35 BC 40 44 00 53 56 53 53 52 8B 54 24 20  ..5.@D.SVSSR.T$
    > > > 52 50 51 8B 0D 24 68 43                          RPQ..$hC
    > > >
    > > > =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
    > > > =+=+=+=+=+=+
    > > >
    > > > --------------------------------------------------------------
    > > > --------------
    > > > This list is provided by the SecurityFocus ARIS analyzer service.
    > > > For more information on this free incident handling, management
    > > > and tracking system please see: http://aris.securityfocus.com
    > > >
    > >
    > >
    > 
    > 
    > 
    
    
    



    This archive was generated by hypermail 2b30 : Fri Oct 05 2001 - 08:27:27 PDT
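
Added example, not part of the original thread or of snort: a triage script for the false-positive question discussed above. It parses snort-style hex-dump rows, measures each run of 0x90, and separates short runs that directly follow a `ret` (the shape seen in the quoted NOOP alert, typical of compiler alignment padding) from long runs with no such context. The function names, thresholds and verdict strings are assumptions of this example; the dump rows are copied from the first two quoted alerts and the long run is constructed.

```python
import re

# One dump row: up to 16 upper-case hex pairs, each followed by a space,
# then the ASCII column (ignored here).
HEX_ROW = re.compile(r'^((?:[0-9A-F]{2} ){1,16})')

# PE section names are stored as 8-byte, NUL-padded fields.
PE_SECTIONS = ('.text', '.rdata', '.data', '.idata', '.rsrc')

# Rows copied from the quoted "SHELLCODE x86 NOOP" alert (with header lines).
NOOP_ALERT = r"""
> > > [**] SHELLCODE x86 NOOP [**]
> > > IpLen:20 DgmLen:576 DF
> > > C3 8B 4C 24 04 81 E1 FF 00 00 00 8A 81 B0 01 43  ..L$...........C
> > > 00 C3 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
> > > 90 A1 4C 38 44 00 85 C0 74 10 8B 44 24 04 25 FF  ..L8D...t..D$.%.
> > > 00 00 00 8A 80 B0 00 43 00 C3 A1 50 38 44 00 85  .......C...P8D..
"""

# Rows copied from the quoted "WEB-IIS ISAPI .ida access" alert.
IDA_ALERT = r"""
> > > 00 2E 74 65 78 74 00 00 00 96 91 02 00 00 10 00  ..text..........
> > > 00 00 92 02 00 00 04 00 00 00 00 00 00 00 00 00  ................
> > > 00 00 00 00 00 20 00 00 60 2E 72 64 61 74 61 00  ..... ..`.rdata.
> > > 00 FB 2E 00 00 00 B0 02 00 00 30 00 00 00 96 02  ..........0.....
"""

# Constructed sample: filler bytes followed by a long, context-free 0x90 run.
CONSTRUCTED_LONG_RUN = b'A' * 8 + b'\x90' * 48


def parse_dump(text):
    """Collect payload bytes from dump rows; header and prose lines are skipped."""
    payload = bytearray()
    for line in text.splitlines():
        m = HEX_ROW.match(line.lstrip('> \t') + ' ')  # drop mail quoting
        if m:
            payload += bytes.fromhex(m.group(1))
    return bytes(payload)


def nop_runs(payload, min_len=4):
    """Return (offset, length, kind) for every run of 0x90 of min_len or more."""
    runs = []
    for m in re.finditer(rb'\x90{%d,}' % min_len, payload):
        start, length = m.start(), m.end() - m.start()
        # ret (C3) or ret imm16 (C2 xx xx) immediately before the run
        after_ret = start > 0 and (
            payload[start - 1] == 0xC3
            or (start >= 3 and payload[start - 3] == 0xC2))
        if length < 16 and after_ret:
            kind = 'padding-like'   # padding to a 16-byte boundary is < 16 bytes
        elif length >= 16:
            kind = 'long-run'
        else:
            kind = 'unexplained'
        runs.append((start, length, kind))
    return runs


def triage(payload):
    """Return (verdict, runs, pe_section_names_seen) for one packet payload."""
    runs = nop_runs(payload)
    sections = [s for s in PE_SECTIONS
                if s.encode().ljust(8, b'\0') in payload]
    if any(kind != 'padding-like' for _, _, kind in runs):
        verdict = 'review'
    elif runs or sections:
        verdict = 'binary-transfer-like'
    else:
        verdict = 'no-nop-run'
    return verdict, runs, sections


if __name__ == '__main__':
    for name, data in (('NOOP alert', parse_dump(NOOP_ALERT)),
                       ('.ida alert', parse_dump(IDA_ALERT)),
                       ('constructed', CONSTRUCTED_LONG_RUN)):
        print(name, triage(data))
```

A `binary-transfer-like` verdict only explains the byte pattern; which HTTP method the client used still has to come from the server logs, as the reply above points out.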