So I was checking some logs today and I came across some things that I think were exploits. All were directed towards the telnet port.
O.K. this is probably torrent stuff. Maybe the rest is too but you tell me!
Data: \023BitTorrent protocol\000\000\000\000\000\020\000\005|\306N>\263T\3367\270\325\304\375\370\au\366\213W\307\253-UT1810-_1y\360}\335"\f%\212M\376\000\000\000\255\024\000d1:ei0e1:md11:upload_onlyi3
Telnet..????
- Lyecdevf
We will either find a way, or make one.
- Hannibal
- bad_brain
hmm...the data looks "weird", but the one that is definitely from torrent traffic looks similar to the "undefined" ones....so it's very likely that all of those are in the context of torrent traffic. it is definitely NOT shellcode, so those are not exploitation attempts...
but to be 100% sure I would have to see the packet headers (but I am 99.9% sure already)...
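As an added example (not part of the thread, written here to show the kind of check bad_brain applied), the Python below decodes a payload dump the way tcpdump/Snort print it and tests whether it begins with a BitTorrent handshake (BEP 3). The sample bytes are the ones quoted above; the function names and the "unknown" label are my own.

```python
import re

# The payload quoted in the thread, as printed by a tcpdump/Snort-style escaped dump.
TORRENT_SAMPLE = (
    r'\023BitTorrent protocol\000\000\000\000\000\020\000\005'
    r'|\306N>\263T\3367\270\325\304\375\370\au\366\213W\307\253'
    r'-UT1810-_1y\360}\335"\f%\212M\376'
    r'\000\000\000\255\024\000d1:ei0e1:md11:upload_onlyi3'
)

_ESCAPES = {'a': 7, 'b': 8, 't': 9, 'n': 10, 'v': 11, 'f': 12, 'r': 13, '\\': 92, '"': 34}
_TOKEN = re.compile(r'\\([0-7]{1,3})|\\(.)|(.)', re.S)
PSTR = b'BitTorrent protocol'

def unescape(dump: str) -> bytes:
    """Turn a C-style escaped dump (\\NNN octal, \\a, \\f, ...) back into raw bytes."""
    out = bytearray()
    for octal, esc, lit in _TOKEN.findall(dump):
        if octal:
            out.append(int(octal, 8) & 0xFF)
        elif esc:
            out.append(_ESCAPES.get(esc, ord(esc) & 0xFF))
        else:
            out += lit.encode('latin-1', 'replace')  # printable chars are kept literally
    return bytes(out)

def parse_bt_handshake(payload: bytes):
    """Return the handshake fields if payload starts with a BitTorrent handshake, else None."""
    if len(payload) < 68 or payload[0] != len(PSTR) or payload[1:20] != PSTR:
        return None
    reserved, peer_id = payload[20:28], payload[48:68]
    # Azureus-style peer_id: '-' + two-letter client code + four-char version + '-'
    client = None
    if peer_id[:1] == b'-' and peer_id[7:8] == b'-':
        client = (peer_id[1:3].decode('ascii', 'replace'), peer_id[3:7].decode('ascii', 'replace'))
    return {
        'extension_protocol': bool(reserved[5] & 0x10),  # BEP 10 extension protocol bit
        'dht': bool(reserved[7] & 0x01),                 # BEP 5 DHT bit
        'fast': bool(reserved[7] & 0x04),                # BEP 6 fast extension bit
        'info_hash': payload[28:48].hex(),
        'client': client,
        'trailing': payload[68:],                        # first length-prefixed message(s)
    }

def classify(dump: str) -> str:
    """Label a dump as a BitTorrent handshake or unknown (e.g. a mid-stream fragment)."""
    return 'bittorrent-handshake' if parse_bt_handshake(unescape(dump)) else 'unknown'

if __name__ == '__main__':
    hs = parse_bt_handshake(unescape(TORRENT_SAMPLE))
    print(classify(TORRENT_SAMPLE), hs['client'], hs['info_hash'])
```

Only the stream's first bytes carry the marker; piece transfers and obfuscated streams look like random data, so the truncated dumps above come back as "unknown" rather than as confirmed torrent traffic, and the headers bad_brain asks for are what would settle it.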
yea, the data part of the packets can sometimes be useless unless you know what the protocol is. The rest of the packet is the TCP/IP headers with IPs, MACs, file type, packet type, etc.
More nfo please!
DNR
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.