RE: what is this?

From: DeGennaro, Gregory (Gregory_DeGennaro_at_csaa.com)
Date: 08/19/03

    To: Kostas K <acezerocool@yahoo.com>, incidents@securityfocus.com
    Date: Tue, 19 Aug 2003 10:04:37 -0700
    
    

    224.0.0.1 = multicast

    Protocol 2 = IGMP Internet Group Management [RFC1112]

    http://www.iana.org/assignments/protocol-numbers

    http://www.cisco.com/en/US/products/sw/iosswrel/ps1834/products_feature_guide09186a0080080515.html

    Regards,

    Greg DeGennaro Jr., CCNP
    Security Analyst

    -----Original Message-----
    From: Kostas K [mailto:acezerocool@yahoo.com]
    Sent: Monday, August 18, 2003 5:19 PM
    To: incidents@securityfocus.com
    Subject: what is this?

    Hi list,

    I captured activity with snort and I can't think of what it is. Does
    anybody know?

    08/19-00:42:39.063639 20:53:52:43:0:0 -> 44:45:53:54:0:0 type:0x800
    len:0x2A
    194.30.220.216 -> 224.0.0.1 PROTO002 TTL:1 TOS:0xC0 ID:44416 IpLen:20
    DgmLen:28
    11 64 EE 9B 00 00 00 00 .d......

    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

    08/19-00:43:39.185528 20:53:52:43:0:0 -> 44:45:53:54:0:0 type:0x800
    len:0x2A
    194.30.220.216 -> 224.0.0.1 PROTO002 TTL:1 TOS:0xC0 ID:48569 IpLen:20
    DgmLen:28
    11 64 EE 9B 00 00 00 00 .d......

    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

    08/19-00:44:39.301674 20:53:52:43:0:0 -> 44:45:53:54:0:0 type:0x800
    len:0x2A
    194.30.220.216 -> 224.0.0.1 PROTO002 TTL:1 TOS:0xC0 ID:51771 IpLen:20
    DgmLen:28
    11 64 EE 9B 00 00 00 00 .d......

    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

    08/19-00:45:39.423600 20:53:52:43:0:0 -> 44:45:53:54:0:0 type:0x800
    len:0x2A
    194.30.220.216 -> 224.0.0.1 PROTO002 TTL:1 TOS:0xC0 ID:55167 IpLen:20
    DgmLen:28
    11 64 EE 9B 00 00 00 00 .d......

    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

    08/19-00:46:39.556458 20:53:52:43:0:0 -> 44:45:53:54:0:0 type:0x800
    len:0x2A
    194.30.220.216 -> 224.0.0.1 PROTO002 TTL:1 TOS:0xC0 ID:58562 IpLen:20
    DgmLen:28
    11 64 EE 9B 00 00 00 00 .d......

    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

    08/19-00:47:39.672239 20:53:52:43:0:0 -> 44:45:53:54:0:0 type:0x800
    len:0x2A
    194.30.220.216 -> 224.0.0.1 PROTO002 TTL:1 TOS:0xC0 ID:62338 IpLen:20
    DgmLen:28
    11 64 EE 9B 00 00 00 00

    By the way, is there any link that explains snort's output well?

    Thanks in advance

    ---------------------------------------------------------------------------
    Captus Networks - Integrated Intrusion Prevention and Traffic Shaping
     - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
     - Automatically Control P2P, IM and Spam Traffic
     - Ensure Reliable Performance of Mission Critical Applications
     - Precisely Define and Implement Network Security and Performance Policies
    **FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo
    Visit us at:
    http://www.securityfocus.com/sponsor/CaptusNetworks_incidents_030814
    ----------------------------------------------------------------------------
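
The records quoted in this thread can be decoded field by field. The following is an added example, not part of the original messages: it parses one of the quoted Snort records and interprets the 8-byte payload using the IGMPv2 message layout from RFC 2236 (type, max response time, checksum, group address). The function names and the re-joined sample text are assumptions made for the example.

```python
import re
import socket
import struct

# Constructed input: one record re-joined from the Snort output quoted above.
SAMPLE = """\
08/19-00:42:39.063639 20:53:52:43:0:0 -> 44:45:53:54:0:0 type:0x800 len:0x2A
194.30.220.216 -> 224.0.0.1 PROTO002 TTL:1 TOS:0xC0 ID:44416 IpLen:20 DgmLen:28
11 64 EE 9B 00 00 00 00 .d......
"""

IGMP_TYPES = {0x11: "Membership Query", 0x12: "IGMPv1 Membership Report",
              0x16: "IGMPv2 Membership Report", 0x17: "Leave Group"}
IP_LINE = re.compile(r"(\S+) -> (\S+) PROTO(\d+) TTL:(\d+)")
HEX_RUN = re.compile(r"^(?:[0-9A-Fa-f]{2}(?: |$))+")


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; 0 over a message means it is intact."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def decode_igmp_record(text: str) -> dict:
    """Decode one Snort record whose IP protocol is 2 (IGMP)."""
    ip = IP_LINE.search(text)
    if ip is None or int(ip.group(3)) != 2:
        raise ValueError("not a PROTO002 (IGMP) record")
    # Hex dump lines start with byte pairs; the ASCII column is dropped.
    runs = (HEX_RUN.match(line) for line in text.splitlines())
    payload = b"".join(bytes.fromhex(m.group(0)) for m in runs if m)
    if len(payload) < 8:
        raise ValueError("IGMP message shorter than 8 bytes")
    msg_type, max_resp, _cksum, group = struct.unpack("!BBH4s", payload[:8])
    group_ip = socket.inet_ntoa(group)
    return {
        "src": ip.group(1), "dst": ip.group(2), "ttl": int(ip.group(4)),
        "type": IGMP_TYPES.get(msg_type, f"unknown 0x{msg_type:02X}"),
        "max_resp_seconds": max_resp / 10,  # field is in tenths of a second
        "group": group_ip,
        "checksum_ok": inet_checksum(payload) == 0,
        # A query for group 0.0.0.0 sent to all-hosts is a general query.
        "general_query": msg_type == 0x11 and group_ip == "0.0.0.0",
    }
```
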


