strange sniff/scan ???

• Previous message: SchmiTTT: "RE: block msn"
• Next in thread: Paulo Abrantes: "Re: strange sniff/scan ???"
• Reply: Paulo Abrantes: "Re: strange sniff/scan ???"
• Reply: Paulo Abrantes: "Re: strange sniff/scan ???"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: security-discuss@linuxsecurity.com
Date: 01 May 2003 16:30:55 +0200

Hi !

Here an outprint of snort:

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

05/01-16:26:42.686237 < l/l len: 0 l/l type: 0x200 0:0:0:0:0:0
pkt type:0x0 proto: 0x800 len:0x5E
67.121.92.180:1025 -> 217.230.71.240:137 UDP TTL:111 TOS:0x0 ID:27498
IpLen:20 DgmLen:78
Len: 50
01 00 00 10 00 01 00 00 00 00 00 00 20 43 4B 41 ............ CKA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21 AAAAAAAAAAAAA..!
00 01 ..

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

This guy seems to repeat it over and over at my PC.
from all parts of world. I assume he is in South-America or Spain.

What does CKAAAA... mean ??? What kind of scan is this ???

For hint tuvm !

Regards
Tino.

------------------------------------------------------------------------
     To unsubscribe email security-discuss-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.

• Previous message: SchmiTTT: "RE: block msn"
• Next in thread: Paulo Abrantes: "Re: strange sniff/scan ???"
• Reply: Paulo Abrantes: "Re: strange sniff/scan ???"
• Reply: Paulo Abrantes: "Re: strange sniff/scan ???"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]