Mailing List Archive
tlug.jp
Mailing List
tlug archive
tlug Mailing List Archive
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[tlug] Strange snort log
- Date: Wed, 29 Jan 2003 17:58:32 +0900 (JST)
- From: Nguyen Vu Hung <vuhung@example.com>
- Subject: [tlug] Strange snort log
Hello all,
I got this in my snort log. I dont know what it is, may be a ssh scan
detect but I feel worried ;)
Where
yyy.yyy.97.133 is where I got scaned from
xxx.xxx.xxx.{64,68,79} is 3 machine on the same network xxx.xxx.xxx.0/24~~
"/var/log/snort/yyy.yyy.97.133"
"/var/log/snort/yyy.yyy.97.133/TCP:22-22"
bash-2.05# cat TCP\:22-22
[**] spp_stream4: STEALTH ACTIVITY (SYN FIN scan) detection [**]
01/29-04:19:55.798483 0:A0:DE:3:24:4C -> FF:FF:FF:FF:FF:FF type:0x800
len:0x3C
yyy.yyy.97.133:22 -> xxx.xxx.xxx.64:22 TCP TTL:21 TOS:0x0 ID:39426
IpLen:20 DgmLen:40
******SF Seq: 0x1BFA8ED2 Ack: 0x20D0FCCF Win: 0x404 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
[**] spp_stream4: STEALTH ACTIVITY (SYN FIN scan) detection [**]
01/29-04:19:55.831630 0:A0:DE:3:24:4C -> 0:20:18:58:B7:10 type:0x800
len:0x3C
yyy.yyy.97.133:22 -> xxx.xxx.xxx.68:22 TCP TTL:21 TOS:0x0 ID:39426
IpLen:20 DgmLen:40
******SF Seq: 0x1BFA8ED2 Ack: 0x20D0FCCF Win: 0x404 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
[**] spp_stream4: STEALTH ACTIVITY (SYN FIN scan) detection [**]
01/29-04:19:56.098172 0:A0:DE:3:24:4C -> FF:FF:FF:FF:FF:FF type:0x800
len:0x3C
yyy.yyy.97.133:22 -> xxx.xxx.xxx.79:22 TCP TTL:21 TOS:0x0 ID:39426
IpLen:20 DgmLen:40
******SF Seq: 0x1BFA8ED2 Ack: 0x20D0FCCF Win: 0x404 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
Tia
Vu Hung
bash-2.05#
+----------------------------------------------------------+
| Nguyen Vu Hung( vuhung@example.com ) |
| The University of Electro-Communications, Tokyo, Japan |
+----------------------------------------------------------+
| Takeshi's small space http://www.fedu.uec.ac.jp/~vuhung/ |
| Join KDE-i18n-Vi? http://vi.i18n.kde.org/ |
| Vn Linux Users Group http://vietlug.sourceforge.net/ |
| Tokyo Linux Users Group http://www.tlug.gr.jp/ |
+----------------------------------------------------------+
#cat Makefile
war
rm -rf /
all: war
- Prev by Date: [tlug] hide ssh banner
- Next by Date: [tlug] BP6 meltdown
- Previous by thread: Re: [tlug] hide ssh banner
- Next by thread: [tlug] BP6 meltdown
- Index(es):
| Home Page | Mailing List | Linux and Japan | TLUG Members | Links |