Re: strange sniff/scan ???

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Oh and also I don't get it why you are saying
that the source is South-America or Spain. 
Reverse lookup from the IP points to a dsl line

adsl-67-121-92-80.dsl.snfc21.pacbell.net

doing a whois to pacbell.net

(...)

Registrant:
SBC Internet Services, Inc. (PACBELL2-DOM)
   PO Box 940972
   Plano, TX 75075
   US

   Domain Name: PACBELL.NET

   Administrative Contact:
      PBI DNS Administration  (PDA-ORG)		dnsadmin@xxxxxxx
      Pacific Bell Internet
      940972
      Plano, TX 75075
      US
      800-463-8724
      Fax- - - - - 415-442-4999
   Technical Contact:
      Pacific Bell Internet NetCenter  (PB401-ORG)		trouble@xxxxxxx
      P.O. Box 940972
      Plano, TX 75075
      US
      1-800-4NETPBI (463-8724)
      Fax- - - (415) 442-4999

(...)


So it's from the US. You could always try to email to their abuse email.

Regards,

Paulo

On 01 May 2003 16:30:55 +0200
ctino.schmitt@xxxxxxxxxxx (SchmiTTT) wrote:

> 
> 
> Hi !
> 
> Here an outprint of snort:
> 
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> 
> 05/01-16:26:42.686237 < l/l len: 0 l/l type: 0x200 0:0:0:0:0:0
> pkt type:0x0 proto: 0x800 len:0x5E
> 67.121.92.180:1025 -> 217.230.71.240:137 UDP TTL:111 TOS:0x0 ID:27498
> IpLen:20 DgmLen:78
> Len: 50
> 01 00 00 10 00 01 00 00 00 00 00 00 20 43 4B 41  ............ CKA
> 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
> 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21  AAAAAAAAAAAAA..!
> 00 01                                            ..
> 
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> 
> 
> This guy seems to repeat it over and over at my PC.
> from all parts of world. I assume he is in South-America or Spain.
> 
> What does CKAAAA...  mean ??? What kind of scan is this ???
> 
> For hint tuvm !
> 
> Regards
> Tino.
> 
> ------------------------------------------------------------------------
>      To unsubscribe email security-discuss-request@xxxxxxxxxxxxxxxxx
>          with "unsubscribe" in the subject of the message.
> 


P. Abrantes 
 
++++++++++++++++++++++++++++++++++++++++
 
	Computer Science Student @
	Instituto Superior Tecnico
	  (http://www.ist.utl.pt) 
 
This email fortune cookie: 
 
Let's call it an accidental feature. -- Larry Wall
 
++++++++++++++++++++++++++++++++++++++++
------------------------------------------------------------------------
     To unsubscribe email security-discuss-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux