[Snort-sigs] FPs: MS-SQL probe response overflow attempt,Sig ID,2329

Subject: [Snort-sigs] FPs: MS-SQL probe response overflow attempt,Sig ID,2329
Date: Fri, 10 Feb 2006 09:52:35 +1300
Have a bunch of these from *one* TCP session which originated in our
resnet.  No idea what the traffic is, unfortunately; it is some sort of
large binary transfer.

Russell

META
--------
SID     CID     TimeStamp               Signature
6       7972006 2006-02-09 15:11:45     MS-SQL probe response overflow attempt
Sig ID
2329

Sensor Hostname                         Sensor Interface
hihi.insec.auckland.ac.nz       new dmz sensor

IP
--------
Source Address  Dest Address    Ver     Hdr Len
130.216.1.194   72.65.10.239    4       5
TOS     length  ID      flags   offset  TTL     chksum
0       894     60596   0       0       127     29680

Resolved Source
ororke.resnet.auckland.ac.nz

Resolved Dest
pool-72-65-10-239.bflony.east.verizon.net

UDP
--------
Source Port     Dest Port       Length  Checksum
51914           17910           874     38096

DATA
--------



  • [Snort-sigs] FPs: MS-SQL probe response overflow attempt,Sig ID,2329, Russell Fulton <=