Re: unusual packet (tcpdump shows): rad-#0 41 [id 0] Attr[

From: Devdas Bhagat (dvbat_private)
Date: Fri Oct 18 2002 - 23:59:57 PDT

    On 18/10/02 13:31 -0000, Melt  Man wrote:
    > the sample tcpdump output is:
    > 
    > 20:32:22.658735 200.213.38.137.1812 > XX.XX.XX.XX.1812:  rad-#0 41 
    > [id 0] Attr[  Term_action Term_action Term_action Term_ac
    > tion Term_action Term_action Term_action Term_action Term_action 
    > Term_action Term_action
    These are RADIUS packets (or look like RADIUS packets, can't say without
    a complete dump).
    This IP block is allocated to Brazil (MSB Telecom Ltd, contact
    information via whois.registro.br).
    
    > second time tcpdump
    > 
    > 20:39:57.168735 202.30.10.188.1812 > XX.XX.XX.XX.1812:  rad-#0 41 
    > [id 0] Attr[  Term_action
    This IP is from Korea (Ajou university, whois.krnic.net).
    
    Try tcpdump -s0 to capture the entire packet.
    
    Devdas Bhagat
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
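
Once a full-length capture is available, a structural check of the UDP payload against the RFC 2865 packet layout shows whether traffic on port 1812 really is RADIUS. The following is an added example, not part of the original post; the function name `check_radius` and the sample payloads are constructed for illustration.

```python
import struct

# Subset of RADIUS codes assigned in RFC 2865 / RFC 2866.
KNOWN_CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
               4: "Accounting-Request", 5: "Accounting-Response",
               11: "Access-Challenge"}
HEADER_LEN = 20  # code(1) + id(1) + length(2) + authenticator(16)

def check_radius(payload: bytes) -> dict:
    """Validate a UDP payload against the RFC 2865 packet layout."""
    result = {"problems": [], "attributes": []}
    if len(payload) < HEADER_LEN:
        result["problems"].append("captured bytes shorter than 20-byte header")
        return result
    code, ident, length = struct.unpack("!BBH", payload[:4])
    result.update(code=code, id=ident, length=length,
                  code_name=KNOWN_CODES.get(code, "unknown"))
    if code not in KNOWN_CODES:
        result["problems"].append(f"code {code} is not a defined RADIUS code")
    if not HEADER_LEN <= length <= 4096:
        result["problems"].append(f"length field {length} outside 20..4096")
    if length > len(payload):
        result["problems"].append(
            f"length field {length} > {len(payload)} bytes captured (truncated)")
    # Walk attribute TLVs only over bytes that are both claimed and present.
    end = min(length, len(payload))
    pos = HEADER_LEN
    while pos < end:
        if end - pos < 2:
            result["problems"].append(f"dangling byte at offset {pos}")
            break
        a_type, a_len = payload[pos], payload[pos + 1]
        if a_len < 2 or pos + a_len > end:
            result["problems"].append(
                f"attribute type {a_type} at offset {pos} has bad length {a_len}")
            break
        result["attributes"].append((a_type, payload[pos + 2:pos + a_len]))
        pos += a_len
    return result

# Constructed sample payloads (not bytes from the capture in this thread).
GOOD = struct.pack("!BBH", 1, 7, 26) + bytes(16) + b"\x01\x06abcd"
# Code 0, id 0, length 41: three type-29 (Termination-Action) TLVs, then junk.
ODD = (struct.pack("!BBH", 0, 0, 41) + bytes(16)
       + b"\x1d\x06\x00\x00\x00\x01" * 3 + b"\x1d\x00\x00")

if __name__ == "__main__":
    for name, pkt in (("good", GOOD), ("odd", ODD), ("cut short", GOOD[:22])):
        print(name, check_radius(pkt)["problems"])
```

The third case feeds the parser a packet cut off at 22 bytes, which is what a short snapshot length produces: the length field exceeds the bytes captured, so attribute decoding cannot be trusted.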
    



    This archive was generated by hypermail 2b30 : Sun Oct 20 2002 - 20:57:40 PDT