RE: NMAP scan
From: Jef Feltman (feltman@pacbell.net)
Date: 09/20/02

Date: Thu, 19 Sep 2002 16:30:06 -0700
From: Jef Feltman <feltman@pacbell.net>
To: security-basics@securityfocus.com
It is UDP traffic; I have never seen FTP traffic work on UDP, only TCP.
How do you know NMAP is doing this?
jef
-----Original Message-----
From: Mel [mailto:rockchick@totalise.co.uk]
Sent: Monday, September 16, 2002 3:43 AM
To: security-basics@securityfocus.com
Subject: NMAP scan
Hi
Can anyone tell me what particular vulnerability this NMAP scan is probing
for?
UDP_43555-20
[**] Snort Unmatched [**]
08/22-18:09:52.732955 161.73.38.103:45552 -> 192.168.1.20:20
UDP TTL:54 TOS:0x0 ID:32141 IpLen:20 DgmLen:328
Len: 308
67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 gggggggggggggggg
67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 gggggggggggggggg
67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 gggggggggggggggg
67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 gggggggggggggggg
67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 gggggggggggggggg
67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 gggggggggggggggg
67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 gggggggggggggggg
67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 gggggggggggggggg
67 67 67 67 67 67 67 67 67 67 67 67 gggggggggggg
I can see that it's some kind of FTP exploit from the destination source
port number, but otherwise I can find no further information on it, and
Google searches have returned nothing.
Thanks in advance
Melanie
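
Added example, not part of either message: a small Python triage script for an alert in the layout quoted above, applying the reply's UDP-versus-FTP observation and checking the length fields. The sample alert is constructed (documentation addresses, shortened payload), and the script assumes "Len" counts the 8-byte UDP header, as the quoted numbers (328 - 20 = 308) imply.

```python
import re

# Constructed alert in the layout quoted in the thread (documentation
# addresses, payload cut to 20 bytes so the length fields stay consistent).
SAMPLE = """\
[**] Snort Unmatched [**]
08/22-18:09:52.732955 198.51.100.7:45552 -> 192.0.2.20:20
UDP TTL:54 TOS:0x0 ID:32141 IpLen:20 DgmLen:48
Len: 28
67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 gggggggggggggggg
67 67 67 67 gggg
"""

FLOW = re.compile(r"^\S+ ([\d.]+):(\d+) -> ([\d.]+):(\d+)$")
IPHDR = re.compile(r"^(\w+) TTL:\d+ .*IpLen:(\d+) DgmLen:(\d+)")
HEXROW = re.compile(r"^((?:[0-9A-Fa-f]{2} ){1,16})")  # hex column, 16 bytes max

def parse_alert(text):
    """Extract protocol, endpoints, length fields and payload bytes."""
    info = {"payload": bytearray()}
    for line in text.splitlines():
        if m := FLOW.match(line):
            info.update(src=m[1], sport=int(m[2]), dst=m[3], dport=int(m[4]))
        elif m := IPHDR.match(line):
            info.update(proto=m[1], iplen=int(m[2]), dgmlen=int(m[3]))
        elif line.startswith("Len:"):
            info["udplen"] = int(line.split()[1])
        elif m := HEXROW.match(line):
            info["payload"] += bytes.fromhex(m[1])
    return info

def assess(info):
    """Return the observations an analyst would record for this alert."""
    notes, data = [], info["payload"]
    if info["proto"] == "UDP" and info["dport"] in (20, 21):
        notes.append(f"UDP to FTP port {info['dport']}: FTP runs over TCP")
    if info["dgmlen"] - info["iplen"] != info["udplen"]:
        notes.append("IP and UDP length fields disagree")
    declared = info["udplen"] - 8  # assumption: Len includes the UDP header
    if len(data) != declared:
        notes.append(f"dump shows {len(data)} of {declared} payload bytes")
    if data and len(set(data)) == 1:
        notes.append(f"payload is one repeated byte 0x{data[0]:02x}")
    return notes

if __name__ == "__main__":
    for note in assess(parse_alert(SAMPLE)):
        print("-", note)
```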