Odd packets, (Fri, May 1st)

No. Time Source Destination Protocol Info

107496 10.768466 10.10.10.10 12.12.12.12 UDP Source port: 43152 Destination port: http

Frame 107496 (118 bytes on wire, 118 bytes captured)

Ethernet II, Src: Cisco (MACSRC), Dst: Cisco (MACDST)

Internet Protocol, Src: my-net (10.10.10.10), Dst: apnic (12.12.12.12)

User Datagram Protocol, Src Port: 43152 (43152), Dst Port: http (80)

Data (76 bytes)

0030 01 00 8f f9 08 00 61 62 63 64 65 66 67 68 69 6a ......abcdefghij
0040 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 61 62 63 klmnopqrstuvwabc
0050 64 65 66 67 68 69 00 00 00 00 00 00 00 00 00 00 defghi..........
0060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0070 00 00 00 00 00 00

A few things to note: these are UDP packets from a high source port to port 80. They are coming from one of ‘our’ networks and going to a system in APNIC. There are a significant number of them.

Any ideas? Let us know.

Cheers,

Adrien de Beaupré

EWA-Canada.com

URL: http://isc.sans.org/diary.php?storyid=6304&rss
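
One way to pull this pattern out of captured frames is sketched below, as an added example that is not part of the original diary: it parses raw Ethernet II/IPv4 frames and counts UDP datagrams from a high source port to port 80 per source/destination pair. The function names, the 1024 "high port" cutoff, the min_count threshold and the sample frames are assumptions made for illustration; the sample reuses the addresses, ports and 76-byte data length from the capture above with a zero-filled payload.

```python
import socket
import struct
from collections import Counter

def parse_udp(frame: bytes):
    """Return (src, dst, sport, dport, payload) for an Ethernet II/IPv4/UDP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x00":      # too short, or not IPv4
        return None
    ihl = (frame[14] & 0x0F) * 4
    if frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 17:  # IP protocol 17 = UDP
        return None
    if struct.unpack("!H", frame[20:22])[0] & 0x1FFF:       # later fragment: no UDP header
        return None
    udp = 14 + ihl
    if len(frame) < udp + 8:
        return None
    sport, dport, ulen, _ = struct.unpack("!HHHH", frame[udp:udp + 8])
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    return src, dst, sport, dport, frame[udp + 8:udp + ulen]

def odd_udp_flows(frames, port=80, min_count=3):
    """Count UDP datagrams from a high source port to `port`, per (src, dst) pair."""
    hits = Counter()
    for frame in frames:
        pkt = parse_udp(frame)
        if pkt and pkt[3] == port and pkt[2] >= 1024:       # 1024 cutoff is an assumption
            hits[(pkt[0], pkt[1])] += 1
    return {pair: n for pair, n in hits.items() if n >= min_count}

def build_frame(src, dst, sport, dport, payload, proto=17):
    """Build a constructed test frame (zeroed MACs and checksums)."""
    l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4

# Constructed sample: five datagrams shaped like the one in the diary, plus two
# frames that must not be counted (IP protocol 6, and ordinary UDP to port 53).
SAMPLE = ([build_frame("10.10.10.10", "12.12.12.12", 43152, 80, b"\x00" * 76)] * 5
          + [build_frame("10.10.10.10", "12.12.12.12", 43152, 80, b"", proto=6),
             build_frame("10.10.10.10", "10.10.10.53", 50000, 53, b"q")])

if __name__ == "__main__":
    for (src, dst), n in odd_udp_flows(SAMPLE).items():
        print(f"{src} -> {dst}: {n} UDP datagrams to port 80")
```

Grouping by address pair makes the "significant number of them" visible as a count per source and destination rather than as individual frames.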
