[**] [1:650:5] SHELLCODE x86 setuid 0 [**] [Classification: A system call was detected] [Priority: 2] 05/04-03:07:01.847940 63.240.15.136:80 -> 192.168.1.105:49157 TCP TTL:49 TOS:0x0 ID:28850 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x7C7A9732 Ack: 0x7695A39 Win: 0x7D78 TcpLen: 32 TCP Options (3) => NOP NOP TS: 6963637 2710498020 [Xref => http://www.whitehats.com/info/IDS436] |
[**] [1:648:5] SHELLCODE x86 NOOP [**] [Classification: Executable code was detected] [Priority: 1] 05/04-03:13:52.388025 63.240.15.144:80 -> 192.168.1.105:49162 TCP TTL:49 TOS:0x0 ID:38691 IpLen:20 DgmLen:1500 DF ***AP*** Seq: 0xAFF06CCB Ack: 0xA130F75 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1067162 2710498841 [Xref => http://www.whitehats.com/info/IDS181] |
[**] [1:648:5] SHELLCODE x86 NOOP [**] [Classification: Executable code was detected] [Priority: 1] 05/05-19:44:31.487947 143.166.83.202:1253 -> 192.168.1.105:1057 TCP TTL:107 TOS:0x0 ID:35092 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x4EA46EF1 Ack: 0x1CEBEDFF Win: 0x4470 TcpLen: 20 [Xref => http://www.whitehats.com/info/IDS181] |
[**] [1:648:5] SHELLCODE x86 NOOP [**] [Classification: Executable code was detected] [Priority: 1] 05/07-17:08:33.739024 192.150.18.29:80 -> 192.168.1.105:1151 TCP TTL:46 TOS:0x0 ID:38442 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0xB90A382A Ack: 0x93145A10 Win: 0x1920 TcpLen: 20 [Xref => http://www.whitehats.com/info/IDS181] |
[**] [1:648:5] SHELLCODE x86 NOOP [**] [Classification: Executable code was detected] [Priority: 1] 05/07-17:08:33.980397 192.150.18.29:80 -> 192.168.1.105:1151 TCP TTL:46 TOS:0x0 ID:38452 IpLen:20 DgmLen:1500 DF ***AP*** Seq: 0xB90A7132 Ack: 0x93145A10 Win: 0x1920 TcpLen: 20 [Xref => http://www.whitehats.com/info/IDS181] |
[**] [1:648:5] SHELLCODE x86 NOOP [**] [Classification: Executable code was detected] [Priority: 1] 05/07-17:12:04.115360 63.208.194.39:80 -> 192.168.1.105:1200 TCP TTL:51 TOS:0x0 ID:36881 IpLen:20 DgmLen:1500 DF ***AP*** Seq: 0xC618070B Ack: 0x9655A728 Win: 0x7D78 TcpLen: 20 [Xref => http://www.whitehats.com/info/IDS181] |
[**] [1:499:3] ICMP Large ICMP Packet [**] [Classification: Potentially Bad Traffic] [Priority: 2] 05/16-14:03:01.277290 66.185.146.249 -> 192.168.1.105 ICMP TTL:248 TOS:0x0 ID:1066 IpLen:20 DgmLen:1478 Type:0 Code:0 ID:512 Seq:17920 ECHO REPLY [Xref => http://www.whitehats.com/info/IDS246] |
[**] [1:499:3] ICMP Large ICMP Packet [**] [Classification: Potentially Bad Traffic] [Priority: 2] 05/16-14:03:01.317054 66.185.146.249 -> 192.168.1.105 ICMP TTL:248 TOS:0x0 ID:1067 IpLen:20 DgmLen:1478 Type:0 Code:0 ID:512 Seq:18176 ECHO REPLY [Xref => http://www.whitehats.com/info/IDS246] |
[**] [1:648:5] SHELLCODE x86 NOOP [**] [Classification: Executable code was detected] [Priority: 1] 05/18-00:31:36.538792 213.239.45.162:80 -> 192.168.1.105:1185 TCP TTL:49 TOS:0x0 ID:13471 IpLen:20 DgmLen:1300 DF ***A**** Seq: 0xAA17A067 Ack: 0xDAB5A79 Win: 0x3240 TcpLen: 20 [Xref => http://www.whitehats.com/info/IDS181] |
[**] [1:648:5] SHELLCODE x86 NOOP [**] [Classification: Executable code was detected] [Priority: 1] 05/18-00:31:36.542387 213.239.45.162:80 -> 192.168.1.105:1185 TCP TTL:49 TOS:0x0 ID:13473 IpLen:20 DgmLen:1300 DF ***A**** Seq: 0xAA17AA3F Ack: 0xDAB5A79 Win: 0x3240 TcpLen: 20 [Xref => http://www.whitehats.com/info/IDS181] |
[**] [1:648:5] SHELLCODE x86 NOOP [**] [Classification: Executable code was detected] [Priority: 1] 05/18-00:31:36.896372 213.239.45.162:80 -> 192.168.1.105:1185 TCP TTL:49 TOS:0x0 ID:13499 IpLen:20 DgmLen:1300 DF ***A**** Seq: 0xAA182A37 Ack: 0xDAB5A79 Win: 0x3240 TcpLen: 20 [Xref => http://www.whitehats.com/info/IDS181] |
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**] [Classification: Misc activity] [Priority: 3] 05/23-16:54:58.418010 10.53.96.1 -> 192.168.1.105 ICMP TTL:254 TOS:0x0 ID:17435 IpLen:20 DgmLen:56 Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED, PACKET FILTERED ** ORIGINAL DATAGRAM DUMP: 192.168.1.105:2797 -> 10.63.2.252:161 UDP TTL:126 TOS:0x0 ID:37386 IpLen:20 DgmLen:105 Len: 77 ** END OF DUMP |
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**] [Classification: Misc activity] [Priority: 3] 05/27-01:00:19.521905 10.53.96.1 -> 192.168.1.105 ICMP TTL:254 TOS:0x0 ID:63071 IpLen:20 DgmLen:56 Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED, PACKET FILTERED ** ORIGINAL DATAGRAM DUMP: 192.168.1.105:2797 -> 10.63.2.252:161 UDP TTL:126 TOS:0x0 ID:15599 IpLen:20 DgmLen:105 Len: 77 ** END OF DUMP |
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**] [Classification: Misc activity] [Priority: 3] 05/27-01:10:37.586222 10.53.96.1 -> 192.168.1.105 ICMP TTL:254 TOS:0x0 ID:16940 IpLen:20 DgmLen:56 Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED, PACKET FILTERED ** ORIGINAL DATAGRAM DUMP: 192.168.1.105:2797 -> 10.63.2.252:161 UDP TTL:126 TOS:0x0 ID:15682 IpLen:20 DgmLen:106 Len: 78 ** END OF DUMP |
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**] [Classification: Misc activity] [Priority: 3] 05/28-00:26:17.845015 10.53.96.1 -> 192.168.1.105 ICMP TTL:254 TOS:0x0 ID:4278 IpLen:20 DgmLen:56 Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED, PACKET FILTERED ** ORIGINAL DATAGRAM DUMP: 192.168.1.105:1030 -> 10.63.2.252:161 UDP TTL:126 TOS:0x0 ID:28797 IpLen:20 DgmLen:105 Len: 77 ** END OF DUMP |
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**] [Classification: Misc activity] [Priority: 3] 05/28-00:26:36.744592 10.53.96.1 -> 192.168.1.105 ICMP TTL:254 TOS:0x0 ID:4768 IpLen:20 DgmLen:56 Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED, PACKET FILTERED ** ORIGINAL DATAGRAM DUMP: 192.168.1.105:1030 -> 10.63.2.252:161 UDP TTL:126 TOS:0x0 ID:28800 IpLen:20 DgmLen:105 Len: 77 ** END OF DUMP |
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**] [Classification: Misc activity] [Priority: 3] 05/28-00:36:55.392798 10.53.96.1 -> 192.168.1.105 ICMP TTL:254 TOS:0x0 ID:22523 IpLen:20 DgmLen:56 Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED, PACKET FILTERED ** ORIGINAL DATAGRAM DUMP: 192.168.1.105:1030 -> 10.63.2.252:161 UDP TTL:126 TOS:0x0 ID:33884 IpLen:20 DgmLen:105 Len: 77 ** END OF DUMP |
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**] [Classification: Misc activity] [Priority: 3] 05/28-00:37:01.396977 10.53.96.1 -> 192.168.1.105 ICMP TTL:254 TOS:0x0 ID:22663 IpLen:20 DgmLen:56 Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED, PACKET FILTERED ** ORIGINAL DATAGRAM DUMP: 192.168.1.105:1030 -> 10.63.2.252:161 UDP TTL:126 TOS:0x0 ID:33896 IpLen:20 DgmLen:105 Len: 77 ** END OF DUMP |
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**] [Classification: Misc activity] [Priority: 3] 06/01-19:23:01.044217 10.53.96.1 -> 192.168.1.105 ICMP TTL:254 TOS:0x0 ID:41068 IpLen:20 DgmLen:56 Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED, PACKET FILTERED ** ORIGINAL DATAGRAM DUMP: 192.168.1.105:1030 -> 10.63.2.252:161 UDP TTL:126 TOS:0x0 ID:31605 IpLen:20 DgmLen:105 Len: 77 ** END OF DUMP |
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**] [Classification: Misc activity] [Priority: 3] 06/01-19:23:13.300008 10.53.96.1 -> 192.168.1.105 ICMP TTL:254 TOS:0x0 ID:41389 IpLen:20 DgmLen:56 Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED, PACKET FILTERED ** ORIGINAL DATAGRAM DUMP: 192.168.1.105:1030 -> 10.63.2.252:161 UDP TTL:126 TOS:0x0 ID:31607 IpLen:20 DgmLen:105 Len: 77 ** END OF DUMP |
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**] [Classification: Misc activity] [Priority: 3] 06/06-14:47:54.946149 10.53.96.1 -> 192.168.1.105 ICMP TTL:254 TOS:0x0 ID:20241 IpLen:20 DgmLen:56 Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED, PACKET FILTERED ** ORIGINAL DATAGRAM DUMP: 192.168.1.105:1027 -> 10.63.2.252:161 UDP TTL:126 TOS:0x0 ID:10159 IpLen:20 DgmLen:105 Len: 77 ** END OF DUMP |
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**] [Classification: Misc activity] [Priority: 3] 06/06-14:58:18.865252 10.53.96.1 -> 192.168.1.105 ICMP TTL:254 TOS:0x0 ID:37824 IpLen:20 DgmLen:56 Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED, PACKET FILTERED ** ORIGINAL DATAGRAM DUMP: 192.168.1.105:1027 -> 10.52.11.251:161 UDP TTL:126 TOS:0x0 ID:14933 IpLen:20 DgmLen:105 Len: 77 ** END OF DUMP |
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**] [Classification: Misc activity] [Priority: 3] 06/06-15:09:13.245821 10.53.96.1 -> 192.168.1.105 ICMP TTL:254 TOS:0x0 ID:56927 IpLen:20 DgmLen:56 Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED, PACKET FILTERED ** ORIGINAL DATAGRAM DUMP: 192.168.1.105:1027 -> 10.52.11.251:161 UDP TTL:126 TOS:0x0 ID:16052 IpLen:20 DgmLen:105 Len: 77 ** END OF DUMP |
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**] [Classification: Misc activity] [Priority: 3] 06/06-15:20:01.818508 10.53.96.1 -> 192.168.1.105 ICMP TTL:254 TOS:0x0 ID:10689 IpLen:20 DgmLen:56 Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED, PACKET FILTERED ** ORIGINAL DATAGRAM DUMP: 192.168.1.105:1027 -> 10.52.11.251:161 UDP TTL:126 TOS:0x0 ID:17664 IpLen:20 DgmLen:105 Len: 77 ** END OF DUMP |
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**] [Classification: Misc activity] [Priority: 3] 06/06-15:42:16.219639 10.53.96.1 -> 192.168.1.105 ICMP TTL:254 TOS:0x0 ID:51919 IpLen:20 DgmLen:56 Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED, PACKET FILTERED ** ORIGINAL DATAGRAM DUMP: 192.168.1.105:1027 -> 10.63.2.252:161 UDP TTL:126 TOS:0x0 ID:20303 IpLen:20 DgmLen:105 Len: 77 ** END OF DUMP |
[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**] [Classification: Executable code was detected] [Priority: 1] 06/08-13:53:22.216062 209.8.166.171:80 -> 192.168.1.105:1171 TCP TTL:53 TOS:0x0 ID:23169 IpLen:20 DgmLen:1300 DF ***AP*** Seq: 0x8CEE99B4 Ack: 0x6836A46A Win: 0x7FF8 TcpLen: 20 |
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**] [Classification: Misc activity] [Priority: 3] 06/08-14:02:38.834783 10.53.96.1 -> 192.168.1.105 ICMP TTL:254 TOS:0x0 ID:18295 IpLen:20 DgmLen:56 Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED, PACKET FILTERED ** ORIGINAL DATAGRAM DUMP: 192.168.1.105:1030 -> 10.63.2.252:161 UDP TTL:126 TOS:0x0 ID:15057 IpLen:20 DgmLen:105 Len: 77 ** END OF DUMP |
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**] [Classification: Misc activity] [Priority: 3] 06/08-14:37:53.642858 10.53.96.1 -> 192.168.1.105 ICMP TTL:254 TOS:0x0 ID:20855 IpLen:20 DgmLen:56 Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED, PACKET FILTERED ** ORIGINAL DATAGRAM DUMP: 192.168.1.105:1030 -> 10.52.11.251:161 UDP TTL:126 TOS:0x0 ID:19983 IpLen:20 DgmLen:105 Len: 77 ** END OF DUMP |
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**] [Classification: Misc activity] [Priority: 3] 06/08-14:38:12.644801 10.53.96.1 -> 192.168.1.105 ICMP TTL:254 TOS:0x0 ID:21468 IpLen:20 DgmLen:56 Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED, PACKET FILTERED ** ORIGINAL DATAGRAM DUMP: 192.168.1.105:1030 -> 10.63.2.252:161 UDP TTL:126 TOS:0x0 ID:19986 IpLen:20 DgmLen:105 Len: 77 ** END OF DUMP |