suspicious packets

From: Michael Anuzis (michael_anuzisat_private)
Date: Wed Jan 30 2002 - 19:39:15 PST

  • Next message: Clinton Smith: "New Virus/Worm - Frontpage?"

    http://www.anuzis.net/tcp0/
    
    this directory on my webserver contains two files:
    snort.capture =  a portion of a snort capture
    tcp.dump = a look at the content of the suspicious packets
    
    tcp source port zero, tcp destination port zero
    a stealth port scan about 2 minutes later on a single port from the same IP
    
    no nslookup or whois entry for the suspicious source IP
    
    _________________________________________________________________
    MSN Photos is the easiest way to share and print your photos: 
    http://photos.msn.com/support/worldwide.aspx
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Thu Jan 31 2002 - 09:09:52 PST