Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Tracing where it started

  • From: Brian Coyle
  • Date: Sat Jan 25 23:25:40 2003

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Saturday 25 January 2003 22:30, Charles Sprickman wrote:
> On Sat, 25 Jan 2003, Brian Coyle wrote:
> > I have a similar packet (but only one) from the same host (time is ntp
> > sync'd EST).
> >
> > Jan 20 12:55:47 firewall kernel: Packet log: input - ppp0 PROTO=17
> > 67.8.33.179:1 65.83.153.253:1434 L=29 S=0x00 I=20300 F=0x0000 T=110 (#23)
>
> That's a busy machine apparently:
>
> Jan 19 01:13:16 gw ipmon[32123]: 01:13:15.993484 ed0 @0:20 b 67.8.33.179,1
> -> 66.92.x.x,1434 PR udp len 20 29  IN
>
> (also EST, NTP synced)
>

Additional correlations are being reported over on the 
intrusions@incidents.org list...

http://www.sans.org/intrusions/

- -- 
42
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Brian Coyle, GCIA                         http://www.giac.org/GCIA.php

iD8DBQE+M1x6ER3MuHUncBsRAhiUAJ4+8RCpTicU4VWZzkXlR8grUjOBrQCfZHP9
VzmEQod+qeXiL50M/llrZvA=
=LuxR
-----END PGP SIGNATURE-----




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.