Re: strange traffic

From: Thierry Zoller (support@sniff-em.com)
Date: Sat Jan 25 2003 - 06:40:49 PST

Next message: Dave Aitel: "Re: Increased activity on UDP/1434"

Previous message: Marc Maiffret: "SQL Sapphire Worm Analysis"
Maybe in reply to: Wim Mees: "strange traffic"
Next in thread: kris carlier: "Re: strange traffic"
Next in thread: Andreas Str|m: "Re: mIRC Zombie, port 445"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From http://www.mcabee.org/lists/snort-users/Sep-02/msg00099.html 

>>AFAIK these are typical of command packets attempting to discover if the 
>>machine targeted has the "Q" backdoor/trojan.

OR :
http://www.whitehats.com/cgi/arachNIDS/Show?_id=ids202&view=research

Regards,
Thierry 
http://www.sniff-em.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Dave Aitel: "Re: Increased activity on UDP/1434"
Previous message: Marc Maiffret: "SQL Sapphire Worm Analysis"
Maybe in reply to: Wim Mees: "strange traffic"
Next in thread: kris carlier: "Re: strange traffic"
Next in thread: Andreas Str|m: "Re: mIRC Zombie, port 445"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Jan 26 2003 - 20:04:23 PST