Network Security Incidents

Re: Malformed DNS or something odd (or just me)

Subject: Re: Malformed DNS or something odd (or just me)
Date: Sat, 13 Nov 2004 09:16:55 -0000


-----Original Message-----
From: Butterworth, Jim [mailto:jim.butterworth@guidancesoftware.com]
Sent: 10 November 2004 21:45
To: Paul Daniel
Subject: RE: Malformed DNS or something odd (or just me)


You got the whole TCPDUMP output?

r/Jim

These are 3 separate packets (slightly obscured) using Windump:

10:54:34.211423 mac1 > mac2, ethertype IPv4 (0x0800), length 60: IP (tos
0x0, ttl 112, id 4591, offset 0, flags [none], length: 46) 203.206.52.94.53
myipadd.53: [udp sum ok]  258 [b2&3=0x7] [16323a] [53638q] [9748n]
[257au][|domain]
        0x0000:  0080 c8f2 fc7a 00d0 2b75 018c 0800 4500  .....z..+u....E.
        0x0010:  002e 11ef 0000 7011 3663 cbce 345e 5225  ......p.6c..4^R%
        0x0020:  b01b 0035 0035 001a 9e7a 0102 0007 d186  ...5.5...z......
        0x0030:  3fc3 2614 0101 449d ab62 3500            ?.&...D..b5.
11:03:31.411671 mac1 > mac2, ethertype IPv4 (0x0800), length 60: IP (tos
0x0, ttl 117, id 6509, offset 0, flags [none], length: 46) 4.138.224.106.53
myipadd.53: [udp sum ok]  258 [b2&3=0x7] [16323a] [53638q] [9748n]
[257au][|domain]
        0x0000:  0080 c8f2 fc7a 00d0 2b75 018c 0800 4500  .....z..+u....E.
        0x0010:  002e 196d 0000 7511 451d 048a e06a 5225  ...m..u.E....jR%
        0x0020:  b01b 0035 0035 001a c85e 0102 0007 d186  ...5.5...^......
        0x0030:  3fc3 2614 0101 40c9 a08a 3500            ?.&...@...5.
11:13:29.914292 mac1 > mac2, ethertype IPv4 (0x0800), length 510: IP (tos
0x0, ttl 111, id 273, offset 0, flags [none], length: 496) 202.231.176.70.38
myipadd.53:  258 [b2&3=0x7] [16323a] [53638q] [9748n] [332au][|domain]
        0x0000:  0080 c8f2 fc7a 00d0 2b75 018c 0800 4500  .....z..+u....E.
        0x0010:  01f0 0111 0000 6f11 cb7d cae7 b046 5225  ......o..}...FR%
        0x0020:  b01b 0026 0035 01dc 58a0 0102 0007 d186  ...&.5..X.......
        0x0030:  3fc3 2614 014c 184a aac0 3500 5037 483a  ?.&..L.J..5.P7H:
        0x0040:  3500 4253 bd66 3500 401a 4452 3500 c829  5.BS.f5.@.DR5..)
        0x0050:  33e2 3500 c27e 6e82 3500 4416 5aee 3500  3.5..~n.5.D.Z.5.

Regards
Paul Daniel

P.S. Over 24 hours after I sent this it had not appeared in the list, so
this is a resend. Apologies if it ends up appearing twice.

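The bracketed numbers in the Windump output above are the DNS header fields read directly from the first 12 bytes of each UDP payload. The following Python is an added example, not part of the original post: it decodes that header for the first two packets (payload bytes copied from the hex dumps) and checks whether the claimed record counts could fit in the payload. The names `parse_dns_header`, `min_length` and `counts_plausible` are hypothetical, and `GOOD` is a constructed ordinary query included for comparison.

```python
import struct

# UDP payloads of the first two packets, copied from the hex dumps above
# (the 18 bytes after the Ethernet, IP and UDP headers).
PKT1 = bytes.fromhex("01020007d1863fc326140101449dab623500")
PKT2 = bytes.fromhex("01020007d1863fc32614010140c9a08a3500")
# Constructed for comparison: an ordinary query for example.com, type A.
GOOD = (struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0)
        + b"\x07example\x03com\x00" + struct.pack("!2H", 1, 1))

def parse_dns_header(payload):
    """Decode the fixed 12-byte DNS header (RFC 1035, section 4.1.1)."""
    if len(payload) < 12:
        raise ValueError("shorter than a DNS header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", payload[:12])
    return {"id": ident, "flags": flags, "qr": flags >> 15,
            "opcode": (flags >> 11) & 0xF, "rcode": flags & 0xF,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}

def min_length(h):
    """Smallest message that could hold the records the header claims.
    A question is at least 5 bytes (root name, type, class); a resource
    record at least 11 (root name, type, class, TTL, rdlength)."""
    return 12 + 5 * h["qdcount"] + 11 * (h["ancount"] + h["nscount"] + h["arcount"])

def counts_plausible(payload):
    """False when the header claims more records than the payload can hold."""
    return len(payload) >= min_length(parse_dns_header(payload))

if __name__ == "__main__":
    for name, pkt in (("pkt1", PKT1), ("pkt2", PKT2), ("good", GOOD)):
        h = parse_dns_header(pkt)
        print(name, h, "need>=", min_length(h), "have", len(pkt),
              "plausible" if counts_plausible(pkt) else "MALFORMED")
```

The length check is a necessary condition only: a payload that passes it can still be malformed in other ways.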

