-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday 25 January 2003 22:30, Charles Sprickman wrote:
On Sat, 25 Jan 2003, Brian Coyle wrote:
I have a similar packet (but only one) from the same host (time is ntp sync'd EST).
Jan 20 12:55:47 firewall kernel: Packet log: input - ppp0 PROTO=17 67.8.33.179:1 65.83.153.253:1434 L=29 S=0x00 I=20300 F=0x0000 T=110 (#23)
That's a busy machine apparently:
Jan 19 01:13:16 gw ipmon[32123]: 01:13:15.993484 ed0 @0:20 b 67.8.33.179,1 -> 66.92.x.x,1434 PR udp len 20 29 IN
(also EST, NTP synced)
Additional correlations are being reported over on the intrusions@incidents.org list... http://www.sans.org/intrusions/ - -- 42 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Brian Coyle, GCIA http://www.giac.org/GCIA.php iD8DBQE+M1x6ER3MuHUncBsRAhiUAJ4+8RCpTicU4VWZzkXlR8grUjOBrQCfZHP9 VzmEQod+qeXiL50M/llrZvA= =LuxR -----END PGP SIGNATURE-----