Date:      Fri, 31 Jan 2003 15:05:12 +0300
From:      dawnshade <h-k@mail.ru>
To:        freebsd-security@freebsd.org
Subject:   strange packets
Message-ID:  <74365074589.20030131150512@mail.ru>

Hello All,

Sometimes I see these records in the Snort alert log:

------------------------
[**] [1:404:4] ICMP Destination Unreachable (Protocol Unreachable) [**]
[Classification: Misc activity] [Priority: 3] 
01/29/03-23:34:34.582889 212.68.201.5 -> my.net.56.160
ICMP TTL:47 TOS:0x0 ID:61571 IpLen:20 DgmLen:76
Type:3 Code:2 DESTINATION UNREACHABLE: PROTOCOL UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
my.net.56.160:12709 -> 255.255.255.255:80
TCP TTL:129 TOS:0x0 ID:3455 IpLen:20 DgmLen:40
*2U***SF Seq: 0x54800000 Ack: 0x105A3E Win: 0x0 TcpLen: 40
** END OF DUMP
[**] [1:404:4] ICMP Destination Unreachable (Protocol Unreachable) [**]
[Classification: Misc activity] [Priority: 3] 
01/30/03-03:38:34.722373 212.68.201.5 -> my.net.56.163
ICMP TTL:47 TOS:0x0 ID:55712 IpLen:20 DgmLen:76
Type:3 Code:2 DESTINATION UNREACHABLE: PROTOCOL UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
my.net.56.163:2058 -> 255.255.255.255:80
TCP TTL:129 TOS:0x0 ID:256 IpLen:20 DgmLen:40
12UAPRS* Seq: 0x14A80000 Ack: 0x24439 Win: 0x0 TcpLen: 36
** END OF DUMP  
[**] [1:404:4] ICMP Destination Unreachable (Protocol Unreachable) [**]
[Classification: Misc activity] [Priority: 3] 
01/30/03-04:30:45.313200 212.68.201.5 -> my.net.56.151
ICMP TTL:47 TOS:0x0 ID:5550 IpLen:20 DgmLen:76
Type:3 Code:2 DESTINATION UNREACHABLE: PROTOCOL UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
my.net.56.151:28011 -> 255.255.255.255:80
TCP TTL:129 TOS:0x0 ID:256 IpLen:20 DgmLen:40
*2*APRSF Seq: 0x38E60000 Ack: 0x50180F Win: 0x0 TcpLen: 12
** END OF DUMP
[**] [1:404:4] ICMP Destination Unreachable (Protocol Unreachable) [**]
[Classification: Misc activity] [Priority: 3] 
01/30/03-04:53:32.286139 212.68.201.5 -> my.router.246.1
ICMP TTL:47 TOS:0x20 ID:45640 IpLen:20 DgmLen:76
Type:3 Code:2 DESTINATION UNREACHABLE: PROTOCOL UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
my.router.246.1:28163 -> 255.255.255.255:80
TCP TTL:129 TOS:0x0 ID:256 IpLen:20 DgmLen:40
1*U***S* Seq: 0x1CC40000 Ack: 0x40F437 Win: 0x0 TcpLen: 44
** END OF DUMP
------------------------

Why does 212.68.201.5 send replies to broadcasts, and why are there some
strange flags in the packets?
I didn't find any more activity from this IP in the log file.
Snort 1.9.0, FreeBSD 4.5 Release #0.

-- 
...The daemons find works for the idle hands....
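
A triage sketch for alert records like the ones in this message, added here as an example and not part of the original post: it parses the datagram embedded in each ICMP error and lists which sanity checks it fails. It assumes the Snort 1.9 text layout shown above, reads TcpLen as the TCP header length in bytes, and treats the flag characters 1 and 2 as the two reserved bits; the check names are hypothetical.

```python
import re

# Constructed sample: two of the embedded dumps from the alert log above, verbatim.
SAMPLE = """\
** ORIGINAL DATAGRAM DUMP:
my.net.56.160:12709 -> 255.255.255.255:80
TCP TTL:129 TOS:0x0 ID:3455 IpLen:20 DgmLen:40
*2U***SF Seq: 0x54800000 Ack: 0x105A3E Win: 0x0 TcpLen: 40
** END OF DUMP
** ORIGINAL DATAGRAM DUMP:
my.net.56.151:28011 -> 255.255.255.255:80
TCP TTL:129 TOS:0x0 ID:256 IpLen:20 DgmLen:40
*2*APRSF Seq: 0x38E60000 Ack: 0x50180F Win: 0x0 TcpLen: 12
** END OF DUMP
"""

# The embedded datagram as Snort prints it inside an ICMP error alert.
DUMP = re.compile(
    r"^(?P<src>\S+):\d+ -> (?P<dst>\S+):\d+[ \t]*\n"
    r"TCP .*?IpLen:(?P<iplen>\d+) DgmLen:(?P<dgmlen>\d+)[ \t]*\n"
    r"(?P<flags>[12UAPRSF*]{8}) .*?TcpLen: (?P<tcplen>\d+)",
    re.M)

def anomalies(m):
    """Return the checks (hypothetical names) that one embedded datagram fails."""
    flags = set(m["flags"]) - {"*"}          # '*' marks a cleared bit
    iplen, dgmlen, tcplen = int(m["iplen"]), int(m["dgmlen"]), int(m["tcplen"])
    found = []
    if {"S", "F"} <= flags:                  # open and close in one segment
        found.append("syn+fin")
    if {"S", "R"} <= flags:                  # open and reset in one segment
        found.append("syn+rst")
    if flags & {"1", "2"}:                   # reserved bits set
        found.append("reserved-bits")
    if m["dst"] == "255.255.255.255":        # TCP has no broadcast delivery
        found.append("tcp-to-broadcast")
    if tcplen < 20 or tcplen > dgmlen - iplen:   # header shorter than 20 or longer than the datagram
        found.append("bad-header-length")
    return found

def triage(log):
    """Return (source, flag string, failed checks) for each embedded datagram."""
    return [(m["src"], m["flags"], anomalies(m)) for m in DUMP.finditer(log)]

if __name__ == "__main__":
    for src, flags, why in triage(SAMPLE):
        print(f"{src} {flags} -> {', '.join(why) or 'nothing flagged'}")
```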