New server based wargame starting february 26!

Questions? Stuck? post here....
bad_brain
Site Owner
Posts: 11636
Joined: 06 Apr 2005, 16:00
Location: In your eye floaters.

Post by bad_brain »

Stay tuned, guys: from tomorrow (February 26) until March 6 you'll have the opportunity to try hacking a server legally. We'll use the old suck-o one for this... details will be announced here tomorrow!

G-Brain
Fame ! Where are the chicks?!
Posts: 467
Joined: 08 Nov 2007, 17:00
Location: NL

Post by G-Brain »

Hehehe, nice!

Lyecdevf
cyber Idi Amin
Posts: 1222
Joined: 16 Mar 2006, 17:00
Location: In between life and death.

Post by Lyecdevf »

Oh, this is going to be fun! Not that I am going to be able to penetrate the server but I figure if you get some logs from me I could get some useful feedback.
We will either find a way, or make one.
- Hannibal

bad_brain
Site Owner
Posts: 11636
Joined: 06 Apr 2005, 16:00
Location: In your eye floaters.

Post by bad_brain »

alrighty, here we go:
IP: 88.80.197.29
rules stay the same: everything allowed except DoS/DDoS attacks.

I will post IDS logs daily; the wargame ends on March 6!

happy hacking! :D

Lyecdevf
cyber Idi Amin
Posts: 1222
Joined: 16 Mar 2006, 17:00
Location: In between life and death.

Post by Lyecdevf »

I am not sure if it is O.K. to post the results of the port scan, so if they are erased that is O.K. with me. I would just like to clarify something that I did not understand about the scan.

The following is the port scan of the machine:

Starting Nmap 4.20 ( http://insecure.org ) at 2008-02-26 15:45 CET
Interesting ports on 88.80.197.29 (88.80.197.29):
Not shown: 1682 closed ports
PORT     STATE    SERVICE            VERSION
21/tcp   open     tcpwrapped
22/tcp   open     ssh                OpenSSH 3.8.1p1 Debian 8.sarge.6 (protocol 2.0)
23/tcp   open     telnet             Linux telnetd
25/tcp   open     smtp?
80/tcp   open     http               Apache httpd 2.0.54 ((Debian GNU/Linux) mod_python/3.1.3 Python/2.3.5 PHP/4.3.10-18 mod_ssl/2.0.54 OpenSSL/0.9.7e)
135/tcp  filtered msrpc
137/tcp  filtered netbios-ns
138/tcp  filtered netbios-dgm
139/tcp  filtered netbios-ssn
443/tcp  open     http               Apache httpd 2.0.54 ((Debian GNU/Linux) mod_python/3.1.3 Python/2.3.5 PHP/4.3.10-18 mod_ssl/2.0.54 OpenSSL/0.9.7e)
445/tcp  filtered microsoft-ds
593/tcp  filtered http-rpc-epmap
623/tcp  filtered unknown
664/tcp  filtered unknown
6881/tcp filtered bittorent-tracker
Service Info: OS: Linux

I am not sure about these filtered ports. What does this mean? Is the port open or not!? From the results I am assuming you are running BitTorrent. You do not have to tell me, but would that be a fair assessment from the results?
We will either find a way, or make one.
- Hannibal

G-Brain
Fame ! Where are the chicks?!
Posts: 467
Joined: 08 Nov 2007, 17:00
Location: NL

Post by G-Brain »

Shit, root:god didn't work.

bad_brain
Site Owner
Posts: 11636
Joined: 06 Apr 2005, 16:00
Location: In your eye floaters.

Post by bad_brain »

lyec, don't trust scans too much, especially when you run them from an MS box:

Code:

88:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination 

;)

and here the 1st IDS logs:

Code:

[**] [122:17:0] (portscan) UDP Portscan [**]
02/26-14:52:10.586722 217.228.249.182 -> 88.80.197.29
PROTO255 TTL:0 TOS:0xC0 ID:24997 IpLen:20 DgmLen:168

[**] [1:1444:3] TFTP Get [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
02/26-14:52:21.872600 217.228.249.182:3637 -> 88.80.197.29:69
UDP TTL:121 TOS:0x0 ID:38412 IpLen:20 DgmLen:50
Len: 22

[**] [1:1411:10] SNMP public access udp [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/26-14:52:25.234089 217.228.249.182:3641 -> 88.80.197.29:161
UDP TTL:121 TOS:0x0 ID:38423 IpLen:20 DgmLen:62
Len: 34
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0517][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088][Xref => http://www.securityfocus.com/bid/2112]

[**] [1:1417:9] SNMP request udp [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/26-14:52:25.234089 217.228.249.182:3641 -> 88.80.197.29:161
UDP TTL:121 TOS:0x0 ID:38423 IpLen:20 DgmLen:62
Len: 34
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [1:2049:4] MS-SQL ping attempt [**]
[Classification: Misc activity] [Priority: 3] 
02/26-14:52:35.573413 217.228.249.182:3649 -> 88.80.197.29:1434
UDP TTL:121 TOS:0x0 ID:38431 IpLen:20 DgmLen:30
Len: 2
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10674]

[**] [105:1:1] (spo_bo) Back Orifice Traffic detected [**]
02/26-14:52:55.858997 217.228.249.182:3666 -> 88.80.197.29:31337
UDP TTL:121 TOS:0x0 ID:38454 IpLen:20 DgmLen:46
Len: 18

[**] [122:1:0] (portscan) TCP Portscan [**]
02/26-14:53:05.244647 217.228.249.182 -> 88.80.197.29
PROTO255 TTL:0 TOS:0x0 ID:0 IpLen:20 DgmLen:164 DF

[**] [1:1616:6] DNS named version attempt [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/26-14:53:14.995671 217.228.249.182:3679 -> 88.80.197.29:53
UDP TTL:121 TOS:0x0 ID:38998 IpLen:20 DgmLen:58
Len: 30
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10028][Xref => http://www.whitehats.com/info/IDS278]

[**] [122:17:0] (portscan) UDP Portscan [**]
02/26-14:53:18.052313 217.228.249.182 -> 88.80.197.29
PROTO255 TTL:0 TOS:0xC0 ID:25050 IpLen:20 DgmLen:167

[**] [122:17:0] (portscan) UDP Portscan [**]
02/26-14:54:18.794857 217.228.249.182 -> 88.80.197.29
PROTO255 TTL:0 TOS:0xC0 ID:25098 IpLen:20 DgmLen:169

[**] [105:1:1] (spo_bo) Back Orifice Traffic detected [**]
02/26-14:54:41.052567 217.228.249.182:3925 -> 88.80.197.29:31337
UDP TTL:121 TOS:0x0 ID:39193 IpLen:20 DgmLen:46
Len: 18

[**] [1:1411:10] SNMP public access udp [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/26-14:54:48.744031 217.228.249.182:3954 -> 88.80.197.29:161
UDP TTL:121 TOS:0x0 ID:39211 IpLen:20 DgmLen:62
Len: 34
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0517][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088][Xref => http://www.securityfocus.com/bid/2112]

[**] [1:1417:9] SNMP request udp [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/26-14:54:48.744031 217.228.249.182:3954 -> 88.80.197.29:161
UDP TTL:121 TOS:0x0 ID:39211 IpLen:20 DgmLen:62
Len: 34
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [1:1444:3] TFTP Get [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
02/26-14:54:48.799230 217.228.249.182:3967 -> 88.80.197.29:69
UDP TTL:121 TOS:0x0 ID:39224 IpLen:20 DgmLen:50
Len: 22

[**] [1:1616:6] DNS named version attempt [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/26-14:54:49.368852 217.228.249.182:3943 -> 88.80.197.29:53
UDP TTL:121 TOS:0x0 ID:39266 IpLen:20 DgmLen:58
Len: 30
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10028][Xref => http://www.whitehats.com/info/IDS278]

[**] [1:2049:4] MS-SQL ping attempt [**]
[Classification: Misc activity] [Priority: 3] 
02/26-14:54:50.322741 217.228.249.182:3949 -> 88.80.197.29:1434
UDP TTL:121 TOS:0x0 ID:39285 IpLen:20 DgmLen:30
Len: 2
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10674]

[**] [122:1:0] (portscan) TCP Portscan [**]
02/26-15:41:17.892974 84.20.246.189 -> 88.80.197.29
PROTO255 TTL:0 TOS:0x0 ID:0 IpLen:20 DgmLen:162 DF

[**] [122:1:0] (portscan) TCP Portscan [**]
02/26-15:42:19.758591 84.20.246.189 -> 88.80.197.29
PROTO255 TTL:0 TOS:0x0 ID:0 IpLen:20 DgmLen:163 DF

[**] [1:1420:11] SNMP trap tcp [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/26-15:42:43.630086 84.20.246.189:63686 -> 88.80.197.29:162
TCP TTL:51 TOS:0x0 ID:15128 IpLen:20 DgmLen:60 DF
******S* Seq: 0xD6D6DB4B  Ack: 0x0  Win: 0x16D0  TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 36102227 0 NOP WS: 6 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [122:1:0] (portscan) TCP Portscan [**]
02/26-15:43:18.487847 84.20.246.189 -> 88.80.197.29
PROTO255 TTL:0 TOS:0x0 ID:0 IpLen:20 DgmLen:163 DF

[**] [122:1:0] (portscan) TCP Portscan [**]
02/26-15:44:20.115451 84.20.246.189 -> 88.80.197.29
PROTO255 TTL:0 TOS:0x0 ID:0 IpLen:20 DgmLen:163 DF

[**] [1:1421:11] SNMP AgentX/tcp request [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/26-15:44:55.922557 84.20.246.189:63452 -> 88.80.197.29:705
TCP TTL:51 TOS:0x0 ID:8963 IpLen:20 DgmLen:60 DF
******S* Seq: 0x528E426C  Ack: 0x0  Win: 0x16D0  TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 36135279 0 NOP WS: 6 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [122:1:0] (portscan) TCP Portscan [**]
02/26-15:45:20.884393 84.20.246.189 -> 88.80.197.29
PROTO255 TTL:0 TOS:0x0 ID:0 IpLen:20 DgmLen:163 DF

[**] [122:1:0] (portscan) TCP Portscan [**]
02/26-15:46:21.362279 84.20.246.189 -> 88.80.197.29
PROTO255 TTL:0 TOS:0x0 ID:0 IpLen:20 DgmLen:162 DF

[**] [1:1418:11] SNMP request tcp [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/26-15:47:01.455761 84.20.246.189:62889 -> 88.80.197.29:161
TCP TTL:51 TOS:0x0 ID:43116 IpLen:20 DgmLen:60 DF
******S* Seq: 0xC8147457  Ack: 0x0  Win: 0x16D0  TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 36166715 0 NOP WS: 6 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [1:469:3] ICMP PING NMAP [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/26-15:58:23.057482 77.160.39.17 -> 88.80.197.29
ICMP TTL:37 TOS:0x0 ID:49466 IpLen:20 DgmLen:28
Type:8  Code:0  ID:56530   Seq:65423  ECHO
[Xref => http://www.whitehats.com/info/IDS162]

[**] [122:1:0] (portscan) TCP Portscan [**]
02/26-15:58:23.405104 77.160.39.17 -> 88.80.197.29
PROTO255 TTL:0 TOS:0x0 ID:0 IpLen:20 DgmLen:160 DF

[**] [1:2003:8] MS-SQL Worm propagation attempt [**]
[Classification: Misc Attack] [Priority: 2] 
02/26-16:00:24.845616 203.94.243.191:1932 -> 88.80.197.29:1434
UDP TTL:112 TOS:0x0 ID:12068 IpLen:20 DgmLen:404
Len: 376
[Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://cgi.nessus.org/plugins/dump.php3?id=11214][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310]

[**] [1:2050:7] MS-SQL version overflow attempt [**]
[Classification: Misc activity] [Priority: 3] 
02/26-16:00:24.845616 203.94.243.191:1932 -> 88.80.197.29:1434
UDP TTL:112 TOS:0x0 ID:12068 IpLen:20 DgmLen:404
Len: 376
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10674][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5310]

[**] [1:469:3] ICMP PING NMAP [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/26-17:25:26.824770 75.81.118.41 -> 88.80.197.29
ICMP TTL:31 TOS:0x0 ID:30957 IpLen:20 DgmLen:28
Type:8  Code:0  ID:32768   Seq:0  ECHO
[Xref => http://www.whitehats.com/info/IDS162]

[**] [122:1:0] (portscan) TCP Portscan [**]
02/26-17:25:27.365439 75.81.118.41 -> 88.80.197.29
PROTO255 TTL:0 TOS:0x0 ID:0 IpLen:20 DgmLen:160 DF

[**] [1:1421:11] SNMP AgentX/tcp request [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/26-17:25:28.855211 75.81.118.41:48372 -> 88.80.197.29:705
TCP TTL:39 TOS:0x0 ID:22449 IpLen:20 DgmLen:44
******S* Seq: 0x6F050DF9  Ack: 0x0  Win: 0xC00  TcpLen: 24
TCP Options (1) => MSS: 1460 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [1:1418:11] SNMP request tcp [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/26-17:26:16.813104 75.81.118.41:48373 -> 88.80.197.29:161
TCP TTL:37 TOS:0x0 ID:17948 IpLen:20 DgmLen:44
******S* Seq: 0x6F040DF8  Ack: 0x0  Win: 0x400  TcpLen: 24
TCP Options (1) => MSS: 1460 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [122:1:0] (portscan) TCP Portscan [**]
02/26-17:26:40.383127 75.81.118.41 -> 88.80.197.29
PROTO255 TTL:0 TOS:0x0 ID:0 IpLen:20 DgmLen:161 DF

[**] [122:1:0] (portscan) TCP Portscan [**]
02/26-17:27:40.802527 75.81.118.41 -> 88.80.197.29
PROTO255 TTL:0 TOS:0x0 ID:0 IpLen:20 DgmLen:160 DF

[**] [1:1421:11] SNMP AgentX/tcp request [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/26-17:27:41.517227 75.81.118.41:48373 -> 88.80.197.29:705
TCP TTL:32 TOS:0x0 ID:8723 IpLen:20 DgmLen:44
******S* Seq: 0x6F040DF8  Ack: 0x0  Win: 0x1000  TcpLen: 24
TCP Options (1) => MSS: 1460 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [1:1420:11] SNMP trap tcp [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/26-17:27:58.068795 75.81.118.41:48372 -> 88.80.197.29:162
TCP TTL:34 TOS:0x0 ID:7991 IpLen:20 DgmLen:44
******S* Seq: 0x6F050DF9  Ack: 0x0  Win: 0x800  TcpLen: 24
TCP Options (1) => MSS: 1460 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [122:1:0] (portscan) TCP Portscan [**]
02/26-17:37:27.001081 85.30.168.207 -> 88.80.197.29
PROTO255 TTL:0 TOS:0x0 ID:0 IpLen:20 DgmLen:163 DF

[**] [1:1421:11] SNMP AgentX/tcp request [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/26-17:37:28.376881 85.30.168.207:39446 -> 88.80.197.29:705
TCP TTL:42 TOS:0x0 ID:24554 IpLen:20 DgmLen:44
******S* Seq: 0x2B09B5C6  Ack: 0x0  Win: 0x1000  TcpLen: 24
TCP Options (1) => MSS: 1460 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [1:1418:11] SNMP request tcp [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/26-17:37:28.999258 85.30.168.207:39446 -> 88.80.197.29:161
TCP TTL:47 TOS:0x0 ID:54165 IpLen:20 DgmLen:44
******S* Seq: 0x2B09B5C6  Ack: 0x0  Win: 0x400  TcpLen: 24
TCP Options (1) => MSS: 1460 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [1:1420:11] SNMP trap tcp [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/26-17:37:29.090100 85.30.168.207:39446 -> 88.80.197.29:162
TCP TTL:28 TOS:0x0 ID:24415 IpLen:20 DgmLen:44
******S* Seq: 0x2B09B5C6  Ack: 0x0  Win: 0x800  TcpLen: 24
TCP Options (1) => MSS: 1460 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [1:2570:7] WEB-MISC Invalid HTTP Version String [**]
[Classification: Detection of a non-standard protocol or event] [Priority: 2] 
02/26-17:47:10.086295 75.81.118.41:4133 -> 88.80.197.29:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:141
***AP*** Seq: 0xC005C644  Ack: 0x7A8F32DE  Win: 0x40DD  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11593][Xref => http://www.securityfocus.com/bid/9809]

[**] [122:1:0] (portscan) TCP Portscan [**]
02/26-18:06:58.992020 85.30.168.207 -> 88.80.197.29
PROTO255 TTL:0 TOS:0x0 ID:0 IpLen:20 DgmLen:164 DF

[**] [1:1421:11] SNMP AgentX/tcp request [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/26-18:06:58.996652 85.30.168.207:34839 -> 88.80.197.29:705
TCP TTL:44 TOS:0x0 ID:62823 IpLen:20 DgmLen:44
******S* Seq: 0x4C9F855D  Ack: 0x0  Win: 0x800  TcpLen: 24
TCP Options (1) => MSS: 1460 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [1:1418:11] SNMP request tcp [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/26-18:07:01.505661 85.30.168.207:34839 -> 88.80.197.29:161
TCP TTL:41 TOS:0x0 ID:62088 IpLen:20 DgmLen:44
******S* Seq: 0x4C9F855D  Ack: 0x0  Win: 0xC00  TcpLen: 24
TCP Options (1) => MSS: 1460 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [1:1420:11] SNMP trap tcp [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/26-18:07:01.598611 85.30.168.207:34839 -> 88.80.197.29:162
TCP TTL:44 TOS:0x0 ID:31454 IpLen:20 DgmLen:44
******S* Seq: 0x4C9F855D  Ack: 0x0  Win: 0x800  TcpLen: 24
TCP Options (1) => MSS: 1460 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [122:1:0] (portscan) TCP Portscan [**]
02/26-18:11:23.620578 65.25.82.249 -> 88.80.197.29
PROTO255 TTL:0 TOS:0x0 ID:0 IpLen:20 DgmLen:162 DF

[**] [1:1420:11] SNMP trap tcp [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/26-18:11:31.509824 65.25.82.249:46519 -> 88.80.197.29:162
TCP TTL:33 TOS:0x0 ID:25156 IpLen:20 DgmLen:44
******S* Seq: 0xB19825BC  Ack: 0x0  Win: 0xC00  TcpLen: 24
TCP Options (1) => MSS: 1460 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [1:1421:11] SNMP AgentX/tcp request [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/26-18:11:43.123446 65.25.82.249:46519 -> 88.80.197.29:705
TCP TTL:32 TOS:0x0 ID:19044 IpLen:20 DgmLen:44
******S* Seq: 0xB19825BC  Ack: 0x0  Win: 0x800  TcpLen: 24
TCP Options (1) => MSS: 1460 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [1:1418:11] SNMP request tcp [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/26-18:11:49.669924 65.25.82.249:46519 -> 88.80.197.29:161
TCP TTL:24 TOS:0x0 ID:36660 IpLen:20 DgmLen:44
******S* Seq: 0xB19825BC  Ack: 0x0  Win: 0x800  TcpLen: 24
TCP Options (1) => MSS: 1460 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [1:1418:11] SNMP request tcp [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/26-18:11:50.631653 65.25.82.249:46520 -> 88.80.197.29:161
TCP TTL:45 TOS:0x0 ID:51621 IpLen:20 DgmLen:44
******S* Seq: 0xB19925BD  Ack: 0x0  Win: 0xC00  TcpLen: 24
TCP Options (1) => MSS: 1460 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [122:1:0] (portscan) TCP Portscan [**]
02/26-18:11:54.110922 65.25.82.249 -> 88.80.197.29
PROTO255 TTL:0 TOS:0x0 ID:0 IpLen:20 DgmLen:161 DF

[**] [1:2570:7] WEB-MISC Invalid HTTP Version String [**]
[Classification: Detection of a non-standard protocol or event] [Priority: 2] 
02/26-18:24:41.012980 85.30.168.207:42668 -> 88.80.197.29:80
TCP TTL:55 TOS:0x0 ID:9716 IpLen:20 DgmLen:381 DF
***AP*** Seq: 0xAEB84193  Ack: 0xB6E7509  Win: 0x2E  TcpLen: 32
TCP Options (3) => NOP NOP TS: 681069 779573870 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11593][Xref => http://www.securityfocus.com/bid/9809]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
02/26-18:24:41.099582 85.30.168.207:42668 -> 88.80.197.29:80
TCP TTL:55 TOS:0x0 ID:9720 IpLen:20 DgmLen:405 DF
***AP**F Seq: 0xAEB853D4  Ack: 0xB6E7509  Win: 0x2E  TcpLen: 32
TCP Options (3) => NOP NOP TS: 681083 779573925 

[**] [1:2570:7] WEB-MISC Invalid HTTP Version String [**]
[Classification: Detection of a non-standard protocol or event] [Priority: 2] 
02/26-18:24:41.104633 85.30.168.207:42669 -> 88.80.197.29:80
TCP TTL:55 TOS:0x0 ID:35732 IpLen:20 DgmLen:381 DF
***AP*** Seq: 0xB1FAF000  Ack: 0xACAC37E  Win: 0x2E  TcpLen: 32
TCP Options (3) => NOP NOP TS: 681087 779573941 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11593][Xref => http://www.securityfocus.com/bid/9809]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
02/26-18:24:41.188429 85.30.168.207:42669 -> 88.80.197.29:80
TCP TTL:55 TOS:0x0 ID:35736 IpLen:20 DgmLen:405 DF
***AP**F Seq: 0xB1FB0241  Ack: 0xACAC37E  Win: 0x2E  TcpLen: 32
TCP Options (3) => NOP NOP TS: 681105 779574017 

[**] [1:2570:7] WEB-MISC Invalid HTTP Version String [**]
[Classification: Detection of a non-standard protocol or event] [Priority: 2] 
02/26-18:24:41.196967 85.30.168.207:42670 -> 88.80.197.29:80
TCP TTL:55 TOS:0x0 ID:48279 IpLen:20 DgmLen:381 DF
***AP*** Seq: 0xB5F0D8EB  Ack: 0xBA17006  Win: 0x2E  TcpLen: 32
TCP Options (3) => NOP NOP TS: 681110 779574033 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11593][Xref => http://www.securityfocus.com/bid/9809]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
02/26-18:24:41.282713 85.30.168.207:42670 -> 88.80.197.29:80
TCP TTL:55 TOS:0x0 ID:48283 IpLen:20 DgmLen:405 DF
***AP**F Seq: 0xB5F0EB2C  Ack: 0xBA17006  Win: 0x2E  TcpLen: 32
TCP Options (3) => NOP NOP TS: 681129 779574109 

[**] [1:2570:7] WEB-MISC Invalid HTTP Version String [**]
[Classification: Detection of a non-standard protocol or event] [Priority: 2] 
02/26-18:24:41.287755 85.30.168.207:42671 -> 88.80.197.29:80
TCP TTL:55 TOS:0x0 ID:39675 IpLen:20 DgmLen:381 DF
***AP*** Seq: 0xBADAFE70  Ack: 0xB222D9D  Win: 0x2E  TcpLen: 32
TCP Options (3) => NOP NOP TS: 681133 779574125 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11593][Xref => http://www.securityfocus.com/bid/9809]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
02/26-18:24:41.375253 85.30.168.207:42671 -> 88.80.197.29:80
TCP TTL:55 TOS:0x0 ID:39679 IpLen:20 DgmLen:405 DF
***AP**F Seq: 0xBADB10B1  Ack: 0xB222D9D  Win: 0x2E  TcpLen: 32
TCP Options (3) => NOP NOP TS: 681152 779574200 

[**] [1:2570:7] WEB-MISC Invalid HTTP Version String [**]
[Classification: Detection of a non-standard protocol or event] [Priority: 2] 
02/26-18:24:41.380893 85.30.168.207:42672 -> 88.80.197.29:80
TCP TTL:55 TOS:0x0 ID:20735 IpLen:20 DgmLen:381 DF
***AP*** Seq: 0xC0613451  Ack: 0xB81F0FD  Win: 0x2E  TcpLen: 32
TCP Options (3) => NOP NOP TS: 681156 779574215 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11593][Xref => http://www.securityfocus.com/bid/9809]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
02/26-18:24:41.470737 85.30.168.207:42672 -> 88.80.197.29:80
TCP TTL:55 TOS:0x0 ID:20739 IpLen:20 DgmLen:405 DF
***AP**F Seq: 0xC0614692  Ack: 0xB81F0FD  Win: 0x2E  TcpLen: 32
TCP Options (3) => NOP NOP TS: 681176 779574293 

[**] [1:2570:7] WEB-MISC Invalid HTTP Version String [**]
[Classification: Detection of a non-standard protocol or event] [Priority: 2] 
02/26-18:24:41.475082 85.30.168.207:42673 -> 88.80.197.29:80
TCP TTL:55 TOS:0x0 ID:18248 IpLen:20 DgmLen:272 DF
***AP*** Seq: 0xC5F82383  Ack: 0xADECCFF  Win: 0x2E  TcpLen: 32
TCP Options (3) => NOP NOP TS: 681179 779574308 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11593][Xref => http://www.securityfocus.com/bid/9809]

[**] [1:2570:7] WEB-MISC Invalid HTTP Version String [**]
[Classification: Detection of a non-standard protocol or event] [Priority: 2] 
02/26-18:25:17.518969 85.30.168.207:42677 -> 88.80.197.29:80
TCP TTL:55 TOS:0x0 ID:28197 IpLen:20 DgmLen:381 DF
***AP*** Seq: 0x2F62E62A  Ack: 0xCECE6FF  Win: 0x2E  TcpLen: 32
TCP Options (3) => NOP NOP TS: 690197 779610387 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11593][Xref => http://www.securityfocus.com/bid/9809]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
02/26-18:25:17.599829 85.30.168.207:42677 -> 88.80.197.29:80
TCP TTL:55 TOS:0x0 ID:28201 IpLen:20 DgmLen:405 DF
***AP**F Seq: 0x2F62F86B  Ack: 0xCECE6FF  Win: 0x2E  TcpLen: 32
TCP Options (3) => NOP NOP TS: 690210 779610436 

[**] [1:2570:7] WEB-MISC Invalid HTTP Version String [**]
[Classification: Detection of a non-standard protocol or event] [Priority: 2] 
02/26-18:25:17.605170 85.30.168.207:42678 -> 88.80.197.29:80
TCP TTL:55 TOS:0x0 ID:52805 IpLen:20 DgmLen:381 DF
***AP*** Seq: 0x323F4656  Ack: 0xCFE5A74  Win: 0x2E  TcpLen: 32
TCP Options (3) => NOP NOP TS: 690214 779610453 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11593][Xref => http://www.securityfocus.com/bid/9809]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
02/26-18:25:17.686428 85.30.168.207:42678 -> 88.80.197.29:80
TCP TTL:55 TOS:0x0 ID:52809 IpLen:20 DgmLen:405 DF
***AP**F Seq: 0x323F5897  Ack: 0xCFE5A74  Win: 0x2E  TcpLen: 32
TCP Options (3) => NOP NOP TS: 690231 779610523 

[**] [1:2570:7] WEB-MISC Invalid HTTP Version String [**]
[Classification: Detection of a non-standard protocol or event] [Priority: 2] 
02/26-18:25:17.691171 85.30.168.207:42679 -> 88.80.197.29:80
TCP TTL:55 TOS:0x0 ID:47611 IpLen:20 DgmLen:381 DF
***AP*** Seq: 0x35AE31E0  Ack: 0xD41F607  Win: 0x2E  TcpLen: 32
TCP Options (3) => NOP NOP TS: 690235 779610539 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11593][Xref => http://www.securityfocus.com/bid/9809]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
02/26-18:25:17.773233 85.30.168.207:42679 -> 88.80.197.29:80
TCP TTL:55 TOS:0x0 ID:47615 IpLen:20 DgmLen:405 DF
***AP**F Seq: 0x35AE4421  Ack: 0xD41F607  Win: 0x2E  TcpLen: 32
TCP Options (3) => NOP NOP TS: 690253 779610609 

[**] [1:2570:7] WEB-MISC Invalid HTTP Version String [**]
[Classification: Detection of a non-standard protocol or event] [Priority: 2] 
02/26-18:25:17.777823 85.30.168.207:42680 -> 88.80.197.29:80
TCP TTL:55 TOS:0x0 ID:15713 IpLen:20 DgmLen:381 DF
***AP*** Seq: 0x3AFBB565  Ack: 0xDBED668  Win: 0x2E  TcpLen: 32
TCP Options (3) => NOP NOP TS: 690257 779610625 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11593][Xref => http://www.securityfocus.com/bid/9809]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
02/26-18:25:17.860580 85.30.168.207:42680 -> 88.80.197.29:80
TCP TTL:55 TOS:0x0 ID:15717 IpLen:20 DgmLen:405 DF
***AP**F Seq: 0x3AFBC7A6  Ack: 0xDBED668  Win: 0x2E  TcpLen: 32
TCP Options (3) => NOP NOP TS: 690275 779610695 

[**] [1:2570:7] WEB-MISC Invalid HTTP Version String [**]
[Classification: Detection of a non-standard protocol or event] [Priority: 2] 
02/26-18:25:17.865774 85.30.168.207:42681 -> 88.80.197.29:80
TCP TTL:55 TOS:0x0 ID:32174 IpLen:20 DgmLen:381 DF
***AP*** Seq: 0x3FDDF5FE  Ack: 0xD6BB970  Win: 0x2E  TcpLen: 32
TCP Options (3) => NOP NOP TS: 690279 779610712 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11593][Xref => http://www.securityfocus.com/bid/9809]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
02/26-18:25:17.946334 85.30.168.207:42681 -> 88.80.197.29:80
TCP TTL:55 TOS:0x0 ID:32178 IpLen:20 DgmLen:405 DF
***AP**F Seq: 0x3FDE083F  Ack: 0xD6BB970  Win: 0x2E  TcpLen: 32
TCP Options (3) => NOP NOP TS: 690297 779610783 

[**] [1:2570:7] WEB-MISC Invalid HTTP Version String [**]
[Classification: Detection of a non-standard protocol or event] [Priority: 2] 
02/26-18:25:17.950585 85.30.168.207:42682 -> 88.80.197.29:80
TCP TTL:55 TOS:0x0 ID:41460 IpLen:20 DgmLen:272 DF
***AP*** Seq: 0x45022996  Ack: 0xD3E58D6  Win: 0x2E  TcpLen: 32
TCP Options (3) => NOP NOP TS: 690301 779610800 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11593][Xref => http://www.securityfocus.com/bid/9809]

[**] [122:1:0] (portscan) TCP Portscan [**]
02/26-18:26:31.189585 85.30.168.207 -> 88.80.197.29
PROTO255 TTL:0 TOS:0x0 ID:0 IpLen:20 DgmLen:162 DF

[**] [1:1418:11] SNMP request tcp [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/26-18:26:32.751964 85.30.168.207:37239 -> 88.80.197.29:161
TCP TTL:28 TOS:0x0 ID:20390 IpLen:20 DgmLen:44
******S* Seq: 0x4E53CB38  Ack: 0x0  Win: 0x800  TcpLen: 24
TCP Options (1) => MSS: 1460 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [1:1421:11] SNMP AgentX/tcp request [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/26-18:26:33.384070 85.30.168.207:37239 -> 88.80.197.29:705
TCP TTL:34 TOS:0x0 ID:26599 IpLen:20 DgmLen:44
******S* Seq: 0x4E53CB38  Ack: 0x0  Win: 0x1000  TcpLen: 24
TCP Options (1) => MSS: 1460 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [1:1420:11] SNMP trap tcp [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/26-18:26:33.422755 85.30.168.207:37239 -> 88.80.197.29:162
TCP TTL:50 TOS:0x0 ID:22237 IpLen:20 DgmLen:44
******S* Seq: 0x4E53CB38  Ack: 0x0  Win: 0x1000  TcpLen: 24
TCP Options (1) => MSS: 1460 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [122:1:0] (portscan) TCP Portscan [**]
02/26-18:29:18.812574 85.30.168.207 -> 88.80.197.29
PROTO255 TTL:0 TOS:0x0 ID:0 IpLen:20 DgmLen:162 DF

[**] [1:1418:11] SNMP request tcp [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/26-18:29:20.290392 85.30.168.207:38160 -> 88.80.197.29:161
TCP TTL:40 TOS:0x0 ID:11274 IpLen:20 DgmLen:44
******S* Seq: 0xB1E27A9A  Ack: 0x0  Win: 0x800  TcpLen: 24
TCP Options (1) => MSS: 1460 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [1:1420:11] SNMP trap tcp [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/26-18:29:21.990754 85.30.168.207:38160 -> 88.80.197.29:162
TCP TTL:29 TOS:0x0 ID:59499 IpLen:20 DgmLen:44
******S* Seq: 0xB1E27A9A  Ack: 0x0  Win: 0xC00  TcpLen: 24
TCP Options (1) => MSS: 1460 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [1:2003:8] MS-SQL Worm propagation attempt [**]
[Classification: Misc Attack] [Priority: 2] 
02/26-18:35:22.886410 202.101.235.100:1058 -> 88.80.197.29:1434
UDP TTL:116 TOS:0x28 ID:29234 IpLen:20 DgmLen:404
Len: 376
[Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://cgi.nessus.org/plugins/dump.php3?id=11214][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310]

[**] [1:2050:7] MS-SQL version overflow attempt [**]
[Classification: Misc activity] [Priority: 3] 
02/26-18:35:22.886410 202.101.235.100:1058 -> 88.80.197.29:1434
UDP TTL:116 TOS:0x28 ID:29234 IpLen:20 DgmLen:404
Len: 376
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10674][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5310]

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
02/26-18:52:22.311184 85.30.168.207:53745 -> 88.80.197.29:80
TCP TTL:55 TOS:0x0 ID:46466 IpLen:20 DgmLen:1110 DF
***AP*** Seq: 0x92D20E8C  Ack: 0x7383D794  Win: 0x2E  TcpLen: 32
TCP Options (3) => NOP NOP TS: 1096471 781235419 

[**] [1:3274:2] TELNET login buffer non-evasive overflow attempt [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 1] 
02/26-19:13:24.194643 85.30.168.207:40020 -> 88.80.197.29:23
TCP TTL:55 TOS:0x0 ID:15062 IpLen:20 DgmLen:165 DF
***AP*** Seq: 0x173DB0DF  Ack: 0xC1FD4D5A  Win: 0x2E  TcpLen: 32
TCP Options (3) => NOP NOP TS: 1412004 782497503 
[Xref => http://www.securityfocus.com/bid/3681][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2001-0797]

[**] [122:1:0] (portscan) TCP Portscan [**]
02/26-19:14:52.113451 85.30.168.207 -> 88.80.197.29
PROTO255 TTL:0 TOS:0x0 ID:0 IpLen:20 DgmLen:161 DF

[**] [1:1418:11] SNMP request tcp [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/26-19:14:53.727491 85.30.168.207:41115 -> 88.80.197.29:161
TCP TTL:38 TOS:0x0 ID:58755 IpLen:20 DgmLen:44
******S* Seq: 0x2E5F95B6  Ack: 0x0  Win: 0x1000  TcpLen: 24
TCP Options (1) => MSS: 1460 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [1:1421:11] SNMP AgentX/tcp request [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/26-19:14:54.244695 85.30.168.207:41115 -> 88.80.197.29:705
TCP TTL:46 TOS:0x0 ID:32023 IpLen:20 DgmLen:44
******S* Seq: 0x2E5F95B6  Ack: 0x0  Win: 0x1000  TcpLen: 24
TCP Options (1) => MSS: 1460 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [1:1420:11] SNMP trap tcp [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/26-19:14:54.670608 85.30.168.207:41115 -> 88.80.197.29:162
TCP TTL:28 TOS:0x0 ID:720 IpLen:20 DgmLen:44
******S* Seq: 0x2E5F95B6  Ack: 0x0  Win: 0x800  TcpLen: 24
TCP Options (1) => MSS: 1460 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [122:1:0] (portscan) TCP Portscan [**]
02/26-19:33:09.921032 85.30.168.207 -> 88.80.197.29
PROTO255 TTL:0 TOS:0x0 ID:0 IpLen:20 DgmLen:164 DF

[**] [1:1420:11] SNMP trap tcp [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/26-19:33:10.561183 85.30.168.207:54308 -> 88.80.197.29:162
TCP TTL:31 TOS:0x0 ID:9804 IpLen:20 DgmLen:44
******S* Seq: 0xAC5874FD  Ack: 0x0  Win: 0x400  TcpLen: 24
TCP Options (1) => MSS: 1460 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [1:1421:11] SNMP AgentX/tcp request [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/26-19:33:11.978733 85.30.168.207:54308 -> 88.80.197.29:705
TCP TTL:36 TOS:0x0 ID:36574 IpLen:20 DgmLen:44
******S* Seq: 0xAC5874FD  Ack: 0x0  Win: 0x800  TcpLen: 24
TCP Options (1) => MSS: 1460 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [1:1418:11] SNMP request tcp [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/26-19:33:12.149535 85.30.168.207:54308 -> 88.80.197.29:161
TCP TTL:28 TOS:0x0 ID:37381 IpLen:20 DgmLen:44
******S* Seq: 0xAC5874FD  Ack: 0x0  Win: 0x800  TcpLen: 24
TCP Options (1) => MSS: 1460 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [1:2003:8] MS-SQL Worm propagation attempt [**]
[Classification: Misc Attack] [Priority: 2] 
02/26-20:56:17.190751 59.63.25.161:1031 -> 88.80.197.29:1434
UDP TTL:116 TOS:0x28 ID:27373 IpLen:20 DgmLen:404
Len: 376
[Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://cgi.nessus.org/plugins/dump.php3?id=11214][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310]

[**] [1:2050:7] MS-SQL version overflow attempt [**]
[Classification: Misc activity] [Priority: 3] 
02/26-20:56:17.190751 59.63.25.161:1031 -> 88.80.197.29:1434
UDP TTL:116 TOS:0x28 ID:27373 IpLen:20 DgmLen:404
Len: 376
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10674][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5310]

Lyecdevf
cyber Idi Amin
Posts: 1222
Joined: 16 Mar 2006, 17:00
Location: In between life and death.

Post by Lyecdevf »

Believe it or not, this is the first time I am doing something like this. I had to go to milw0rm today and get some exploits to run, so I am really anxious to learn if it generated any logs. Well, here are my logs:

[*] host: 88.80.197.29
[*] port: 80
[*] count: 3
[*] strcpy@plt: 0x8060c80
[*] offset: 4112
[*] pop_pop_pop_ret_code: 0x8060dc4
[*] pop_pop_ret_code: 0x8060dc5
[*] ret_code: 0x8060dc7
[*] map_uri_to_worker() arg1: 0x80474bc
[*] start retaddr: 0x100104

;pPpppppPPPpPpppPPppPPPPpPPPpppPPPPPPPpP
[-] connect(): Too many open files
[-] exploit failed.
lyecdevf@linux:~/Desktop>
We will either find a way, or make one.
- Hannibal

bad_brain
Site Owner
Posts: 11636
Joined: 06 Apr 2005, 16:00
Location: In your eye floaters.

Post by bad_brain »

alright, here are the next logs. There were loads of FIN scans and BARE BYTE UNICODE entries, and when the source IPs were the same I removed the multiple entries... the log was almost 900kb... :lol:

[**] [1:469:3] ICMP PING NMAP [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/27-01:21:04.081482 24.37.78.147 -> 88.80.197.29
ICMP TTL:20 TOS:0x0 ID:21545 IpLen:20 DgmLen:28
Type:8  Code:0  ID:3987   Seq:48990  ECHO
[Xref => http://www.whitehats.com/info/IDS162]

[**] [1:2003:8] MS-SQL Worm propagation attempt [**]
[Classification: Misc Attack] [Priority: 2] 
02/27-01:23:05.619951 218.9.66.130:2540 -> 88.80.197.29:1434
UDP TTL:111 TOS:0x0 ID:25013 IpLen:20 DgmLen:404
Len: 376
[Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://cgi.nessus.org/plugins/dump.php3?id=11214][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310]

[**] [1:2050:7] MS-SQL version overflow attempt [**]
[Classification: Misc activity] [Priority: 3] 
02/27-01:23:05.619951 218.9.66.130:2540 -> 88.80.197.29:1434
UDP TTL:111 TOS:0x0 ID:25013 IpLen:20 DgmLen:404
Len: 376
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10674][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5310]

[**] [1:2003:8] MS-SQL Worm propagation attempt [**]
[Classification: Misc Attack] [Priority: 2] 
02/27-01:23:54.312945 222.57.123.227:2284 -> 88.80.197.29:1434
UDP TTL:113 TOS:0x0 ID:50224 IpLen:20 DgmLen:404
Len: 376
[Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://cgi.nessus.org/plugins/dump.php3?id=11214][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310]

[**] [1:2050:7] MS-SQL version overflow attempt [**]
[Classification: Misc activity] [Priority: 3] 
02/27-01:23:54.312945 222.57.123.227:2284 -> 88.80.197.29:1434
UDP TTL:113 TOS:0x0 ID:50224 IpLen:20 DgmLen:404
Len: 376
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10674][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5310]

[**] [1:469:3] ICMP PING NMAP [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/27-01:27:02.364111 24.37.78.147 -> 88.80.197.29
ICMP TTL:37 TOS:0x0 ID:46503 IpLen:20 DgmLen:28
Type:8  Code:0  ID:55776   Seq:29668  ECHO
[Xref => http://www.whitehats.com/info/IDS162]

[**] [122:1:0] (portscan) TCP Portscan [**]
02/27-01:27:03.057215 24.37.78.147 -> 88.80.197.29
PROTO255 TTL:0 TOS:0x0 ID:0 IpLen:20 DgmLen:160 DF

[**] [1:1420:11] SNMP trap tcp [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/27-01:27:04.262465 24.37.78.147:41460 -> 88.80.197.29:162
TCP TTL:30 TOS:0x0 ID:20810 IpLen:20 DgmLen:44
******S* Seq: 0x120200D7  Ack: 0x0  Win: 0x800  TcpLen: 24
TCP Options (1) => MSS: 1460 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [1:1421:11] SNMP AgentX/tcp request [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/27-01:27:04.637660 24.37.78.147:41460 -> 88.80.197.29:705
TCP TTL:28 TOS:0x0 ID:5471 IpLen:20 DgmLen:44
******S* Seq: 0x120200D7  Ack: 0x0  Win: 0x1000  TcpLen: 24
TCP Options (1) => MSS: 1460 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [1:1418:11] SNMP request tcp [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/27-01:27:08.869853 24.37.78.147:41460 -> 88.80.197.29:161
TCP TTL:21 TOS:0x0 ID:59030 IpLen:20 DgmLen:44
******S* Seq: 0x120200D7  Ack: 0x0  Win: 0x400  TcpLen: 24
TCP Options (1) => MSS: 1460 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [1:469:3] ICMP PING NMAP [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/27-02:05:23.376283 24.37.78.147 -> 88.80.197.29
ICMP TTL:21 TOS:0x0 ID:7528 IpLen:20 DgmLen:28
Type:8  Code:0  ID:22254   Seq:54978  ECHO
[Xref => http://www.whitehats.com/info/IDS162]

[**] [1:621:7] SCAN FIN [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/27-02:05:30.959462 24.37.78.147:45838 -> 88.80.197.29:761
TCP TTL:22 TOS:0x0 ID:1662 IpLen:20 DgmLen:40
*******F Seq: 0xC6E307B5  Ack: 0x0  Win: 0x800  TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS27]

[**] [1:621:7] SCAN FIN [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/27-02:05:30.959466 24.37.78.147:45838 -> 88.80.197.29:849
TCP TTL:33 TOS:0x0 ID:32185 IpLen:20 DgmLen:40
*******F Seq: 0xC6E307B5  Ack: 0x0  Win: 0x400  TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS27]

[**] [1:1421:11] SNMP AgentX/tcp request [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/27-02:05:30.959469 24.37.78.147:45838 -> 88.80.197.29:705
TCP TTL:23 TOS:0x0 ID:6646 IpLen:20 DgmLen:40
*******F Seq: 0xC6E307B5  Ack: 0x0  Win: 0xC00  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [1:621:7] SCAN FIN [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/27-02:05:31.801007 24.37.78.147:45838 -> 88.80.197.29:549
TCP TTL:30 TOS:0x0 ID:19336 IpLen:20 DgmLen:40
*******F Seq: 0xC6E307B5  Ack: 0x0  Win: 0x800  TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS27]

[**] [1:621:7] SCAN FIN [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/27-02:05:33.902126 24.37.78.147:45838 -> 88.80.197.29:484
TCP TTL:21 TOS:0x0 ID:59806 IpLen:20 DgmLen:40
*******F Seq: 0xC6E307B5  Ack: 0x0  Win: 0x400  TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS27]

[**] [1:621:7] SCAN FIN [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/27-02:05:33.903423 24.37.78.147:45838 -> 88.80.197.29:899
TCP TTL:19 TOS:0x0 ID:50154 IpLen:20 DgmLen:40
*******F Seq: 0xC6E307B5  Ack: 0x0  Win: 0xC00  TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS27]

[**] [1:1418:11] SNMP request tcp [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/27-02:05:33.903427 24.37.78.147:45838 -> 88.80.197.29:161
TCP TTL:30 TOS:0x0 ID:34870 IpLen:20 DgmLen:40
*******F Seq: 0xC6E307B5  Ack: 0x0  Win: 0x800  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [1:524:8] BAD-TRAFFIC tcp port 0 traffic [**]
[Classification: Misc activity] [Priority: 3] 
02/27-02:06:08.930330 24.37.78.147:36493 -> 88.80.197.29:0
TCP TTL:45 TOS:0x0 ID:42360 IpLen:20 DgmLen:60 DF
******S* Seq: 0x16156341  Ack: 0x0  Win: 0x16D0  TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 902713 0 NOP WS: 6 

[**] [1:524:8] BAD-TRAFFIC tcp port 0 traffic [**]
[Classification: Misc activity] [Priority: 3] 
02/27-02:06:08.930403 88.80.197.29:0 -> 24.37.78.147:36493
TCP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
***A*R** Seq: 0x0  Ack: 0x16156342  Win: 0x0  TcpLen: 20

[**] [1:469:3] ICMP PING NMAP [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/27-02:11:00.069515 24.37.78.147 -> 88.80.197.29
ICMP TTL:25 TOS:0x0 ID:52278 IpLen:20 DgmLen:28
Type:8  Code:0  ID:39471   Seq:54373  ECHO
[Xref => http://www.whitehats.com/info/IDS162]

[**] [122:1:0] (portscan) TCP Portscan [**]
02/27-02:11:00.764052 24.37.78.147 -> 88.80.197.29
PROTO255 TTL:0 TOS:0x0 ID:0 IpLen:20 DgmLen:161 DF

[**] [122:1:0] (portscan) TCP Portscan [**]
02/27-02:11:02.279853 24.37.78.147 -> 88.80.197.29
PROTO255 TTL:0 TOS:0x0 ID:0 IpLen:20 DgmLen:161 DF

[**] [1:1420:11] SNMP trap tcp [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/27-02:11:03.910240 24.37.78.147:46297 -> 88.80.197.29:162
TCP TTL:27 TOS:0x0 ID:37824 IpLen:20 DgmLen:44
******S* Seq: 0x2FFD45DF  Ack: 0x0  Win: 0xC00  TcpLen: 24
TCP Options (1) => MSS: 1460 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [1:1421:11] SNMP AgentX/tcp request [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/27-02:11:05.083074 24.37.78.147:46297 -> 88.80.197.29:705
TCP TTL:36 TOS:0x0 ID:8521 IpLen:20 DgmLen:44
******S* Seq: 0x2FFD45DF  Ack: 0x0  Win: 0x1000  TcpLen: 24
TCP Options (1) => MSS: 1460 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [1:1418:11] SNMP request tcp [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/27-02:11:11.638079 24.37.78.147:46297 -> 88.80.197.29:161
TCP TTL:19 TOS:0x0 ID:43209 IpLen:20 DgmLen:44
******S* Seq: 0x2FFD45DF  Ack: 0x0  Win: 0xC00  TcpLen: 24
TCP Options (1) => MSS: 1460 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [1:469:3] ICMP PING NMAP [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/27-02:12:25.803202 24.37.78.147 -> 88.80.197.29
ICMP TTL:33 TOS:0x0 ID:39226 IpLen:20 DgmLen:28
Type:8  Code:0  ID:36999   Seq:26195  ECHO
[Xref => http://www.whitehats.com/info/IDS162]

[**] [122:1:0] (portscan) TCP Portscan [**]
02/27-02:12:26.494077 24.37.78.147 -> 88.80.197.29
PROTO255 TTL:0 TOS:0x0 ID:0 IpLen:20 DgmLen:160 DF

[**] [122:1:0] (portscan) TCP Portscan [**]
02/27-02:13:05.006103 24.37.78.147 -> 88.80.197.29
PROTO255 TTL:0 TOS:0x0 ID:0 IpLen:20 DgmLen:164 DF

[**] [122:1:0] (portscan) TCP Portscan [**]
02/27-02:14:06.063966 24.37.78.147 -> 88.80.197.29
PROTO255 TTL:0 TOS:0x0 ID:0 IpLen:20 DgmLen:163 DF

[**] [1:1421:11] SNMP AgentX/tcp request [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/27-02:14:18.382103 24.37.78.147:34065 -> 88.80.197.29:705
TCP TTL:32 TOS:0x0 ID:43388 IpLen:20 DgmLen:44
******S* Seq: 0x13FDAC64  Ack: 0x0  Win: 0x1000  TcpLen: 24
TCP Options (1) => MSS: 1460 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [1:249:8] DDOS mstream client to handler [**]
[Classification: Attempted Denial of Service] [Priority: 2] 
02/27-02:14:36.284501 24.37.78.147:34065 -> 88.80.197.29:15104
TCP TTL:21 TOS:0x0 ID:21339 IpLen:20 DgmLen:44
******S* Seq: 0x13FDAC64  Ack: 0x0  Win: 0x400  TcpLen: 24
TCP Options (1) => MSS: 1460 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2000-0138][Xref => http://www.whitehats.com/info/IDS111]

[**] [122:1:0] (portscan) TCP Portscan [**]
02/27-02:15:07.051979 24.37.78.147 -> 88.80.197.29
PROTO255 TTL:0 TOS:0x0 ID:0 IpLen:20 DgmLen:163 DF

[**] [1:1418:11] SNMP request tcp [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/27-02:15:09.188625 24.37.78.147:34065 -> 88.80.197.29:161
TCP TTL:35 TOS:0x0 ID:36473 IpLen:20 DgmLen:44
******S* Seq: 0x13FDAC64  Ack: 0x0  Win: 0xC00  TcpLen: 24
TCP Options (1) => MSS: 1460 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [122:1:0] (portscan) TCP Portscan [**]
02/27-02:16:08.075744 24.37.78.147 -> 88.80.197.29
PROTO255 TTL:0 TOS:0x0 ID:0 IpLen:20 DgmLen:163 DF

[**] [1:524:8] BAD-TRAFFIC tcp port 0 traffic [**]
[Classification: Misc activity] [Priority: 3] 
02/27-02:16:21.984162 24.37.78.147:34065 -> 88.80.197.29:0
TCP TTL:22 TOS:0x0 ID:7598 IpLen:20 DgmLen:44
******S* Seq: 0x13FDAC64  Ack: 0x0  Win: 0x800  TcpLen: 24
TCP Options (1) => MSS: 1460 

[**] [1:524:8] BAD-TRAFFIC tcp port 0 traffic [**]
[Classification: Misc activity] [Priority: 3] 
02/27-02:16:21.984199 88.80.197.29:0 -> 24.37.78.147:34065
TCP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
***A*R** Seq: 0x0  Ack: 0x13FDAC65  Win: 0x0  TcpLen: 20

[**] [1:1420:11] SNMP trap tcp [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/27-02:16:53.979953 24.37.78.147:34065 -> 88.80.197.29:162
TCP TTL:26 TOS:0x0 ID:50716 IpLen:20 DgmLen:44
******S* Seq: 0x13FDAC64  Ack: 0x0  Win: 0x800  TcpLen: 24
TCP Options (1) => MSS: 1460 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [122:1:0] (portscan) TCP Portscan [**]
02/27-02:17:09.018406 24.37.78.147 -> 88.80.197.29
PROTO255 TTL:0 TOS:0x0 ID:0 IpLen:20 DgmLen:163 DF

[**] [122:1:0] (portscan) TCP Portscan [**]
02/27-02:18:10.041154 24.37.78.147 -> 88.80.197.29
PROTO255 TTL:0 TOS:0x0 ID:0 IpLen:20 DgmLen:163 DF

[**] [1:469:3] ICMP PING NMAP [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/27-02:52:15.883268 156.34.216.56 -> 88.80.197.29
ICMP TTL:35 TOS:0x0 ID:53764 IpLen:20 DgmLen:28
Type:8  Code:0  ID:61166   Seq:15308  ECHO
[Xref => http://www.whitehats.com/info/IDS162]

[**] [122:1:0] (portscan) TCP Portscan [**]
02/27-02:52:25.860980 156.34.216.56 -> 88.80.197.29
PROTO255 TTL:0 TOS:0x0 ID:0 IpLen:20 DgmLen:162 DF

[**] [122:1:0] (portscan) TCP Portscan [**]
02/27-02:52:35.080186 156.34.216.56 -> 88.80.197.29
PROTO255 TTL:0 TOS:0x0 ID:0 IpLen:20 DgmLen:163 DF

[**] [1:1418:11] SNMP request tcp [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/27-02:52:50.377266 156.34.216.56:61168 -> 88.80.197.29:161
TCP TTL:20 TOS:0x0 ID:44305 IpLen:20 DgmLen:44
******S* Seq: 0x3A5BFE7E  Ack: 0x0  Win: 0xC00  TcpLen: 24
TCP Options (1) => MSS: 1452 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [1:1421:11] SNMP AgentX/tcp request [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/27-02:52:54.864111 156.34.216.56:61168 -> 88.80.197.29:705
TCP TTL:39 TOS:0x0 ID:26101 IpLen:20 DgmLen:44
******S* Seq: 0x3A5BFE7E  Ack: 0x0  Win: 0x800  TcpLen: 24
TCP Options (1) => MSS: 1452 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [1:1420:11] SNMP trap tcp [**]
[Classification: Attempted Information Leak] [Priority: 2] 
02/27-02:52:56.102073 156.34.216.56:61168 -> 88.80.197.29:162
TCP TTL:23 TOS:0x0 ID:28232 IpLen:20 DgmLen:44
******S* Seq: 0x3A5BFE7E  Ack: 0x0  Win: 0x800  TcpLen: 24
TCP Options (1) => MSS: 1452 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [1:2003:8] MS-SQL Worm propagation attempt [**]
[Classification: Misc Attack] [Priority: 2] 
02/27-07:10:26.940607 221.204.254.110:1043 -> 88.80.197.29:1434
UDP TTL:111 TOS:0x0 ID:20466 IpLen:20 DgmLen:404
Len: 376
[Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://cgi.nessus.org/plugins/dump.php3?id=11214][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310]

[**] [1:2050:7] MS-SQL version overflow attempt [**]
[Classification: Misc activity] [Priority: 3] 
02/27-07:10:26.940607 221.204.254.110:1043 -> 88.80.197.29:1434
UDP TTL:111 TOS:0x0 ID:20466 IpLen:20 DgmLen:404
Len: 376
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10674][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5310]

[**] [1:2003:8] MS-SQL Worm propagation attempt [**]
[Classification: Misc Attack] [Priority: 2] 
02/27-08:35:37.267053 220.191.233.133:13721 -> 88.80.197.29:1434
UDP TTL:113 TOS:0x0 ID:62506 IpLen:20 DgmLen:404
Len: 376
[Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://cgi.nessus.org/plugins/dump.php3?id=11214][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310]

[**] [1:2050:7] MS-SQL version overflow attempt [**]
[Classification: Misc activity] [Priority: 3] 
02/27-08:35:37.267053 220.191.233.133:13721 -> 88.80.197.29:1434
UDP TTL:113 TOS:0x0 ID:62506 IpLen:20 DgmLen:404
Len: 376
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10674][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5310]

[**] [1:2003:8] MS-SQL Worm propagation attempt [**]
[Classification: Misc Attack] [Priority: 2] 
02/27-08:36:50.637093 124.118.39.180:1074 -> 88.80.197.29:1434
UDP TTL:116 TOS:0x0 ID:44361 IpLen:20 DgmLen:404
Len: 376
[Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://cgi.nessus.org/plugins/dump.php3?id=11214][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310]

[**] [1:2050:7] MS-SQL version overflow attempt [**]
[Classification: Misc activity] [Priority: 3] 
02/27-08:36:50.637093 124.118.39.180:1074 -> 88.80.197.29:1434
UDP TTL:116 TOS:0x0 ID:44361 IpLen:20 DgmLen:404
Len: 376
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10674][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5310]

[**] [1:2003:8] MS-SQL Worm propagation attempt [**]
[Classification: Misc Attack] [Priority: 2] 
02/27-09:56:04.440115 136.1.7.55:1676 -> 88.80.197.29:1434
UDP TTL:114 TOS:0x0 ID:28144 IpLen:20 DgmLen:404
Len: 376
[Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://cgi.nessus.org/plugins/dump.php3?id=11214][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310]

[**] [1:2050:7] MS-SQL version overflow attempt [**]
[Classification: Misc activity] [Priority: 3] 
02/27-09:56:04.440115 136.1.7.55:1676 -> 88.80.197.29:1434
UDP TTL:114 TOS:0x0 ID:28144 IpLen:20 DgmLen:404
Len: 376
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10674][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5310]

[**] [1:2003:8] MS-SQL Worm propagation attempt [**]
[Classification: Misc Attack] [Priority: 2] 
02/27-10:26:42.872483 202.103.11.41:1267 -> 88.80.197.29:1434
UDP TTL:35 TOS:0x0 ID:40514 IpLen:20 DgmLen:404
Len: 376
[Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://cgi.nessus.org/plugins/dump.php3?id=11214][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310]

[**] [1:2050:7] MS-SQL version overflow attempt [**]
[Classification: Misc activity] [Priority: 3] 
02/27-10:26:42.872483 202.103.11.41:1267 -> 88.80.197.29:1434
UDP TTL:35 TOS:0x0 ID:40514 IpLen:20 DgmLen:404
Len: 376
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10674][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5310]

[**] [1:2003:8] MS-SQL Worm propagation attempt [**]
[Classification: Misc Attack] [Priority: 2] 
02/27-12:58:48.887822 222.173.101.157:1787 -> 88.80.197.29:1434
UDP TTL:113 TOS:0x28 ID:10469 IpLen:20 DgmLen:404
Len: 376
[Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://cgi.nessus.org/plugins/dump.php3?id=11214][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310]

[**] [1:2050:7] MS-SQL version overflow attempt [**]
[Classification: Misc activity] [Priority: 3] 
02/27-12:58:48.887822 222.173.101.157:1787 -> 88.80.197.29:1434
UDP TTL:113 TOS:0x28 ID:10469 IpLen:20 DgmLen:404
Len: 376
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10674][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5310]

[**] [1:2003:8] MS-SQL Worm propagation attempt [**]
[Classification: Misc Attack] [Priority: 2] 
02/27-13:04:32.995686 59.63.25.161:2979 -> 88.80.197.29:1434
UDP TTL:116 TOS:0x8 ID:34770 IpLen:20 DgmLen:404
Len: 376
[Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://cgi.nessus.org/plugins/dump.php3?id=11214][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310]

[**] [1:2050:7] MS-SQL version overflow attempt [**]
[Classification: Misc activity] [Priority: 3] 
02/27-13:04:32.995686 59.63.25.161:2979 -> 88.80.197.29:1434
UDP TTL:116 TOS:0x8 ID:34770 IpLen:20 DgmLen:404
Len: 376
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10674][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5310]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
02/27-18:26:00.329169 84.20.246.189:61264 -> 88.80.197.29:80
TCP TTL:47 TOS:0x0 ID:51279 IpLen:20 DgmLen:86 DF
***AP**F Seq: 0xB8A9843A  Ack: 0x4E369949  Win: 0x5C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 375587 866055366 

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
02/27-18:26:00.526459 84.20.246.189:61266 -> 88.80.197.29:80
TCP TTL:47 TOS:0x0 ID:23159 IpLen:20 DgmLen:86 DF
***AP**F Seq: 0xB852F246  Ack: 0x4E238EDD  Win: 0x5C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 375640 866055579 

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
02/27-18:26:00.591054 84.20.246.189:61268 -> 88.80.197.29:80
TCP TTL:47 TOS:0x0 ID:49165 IpLen:20 DgmLen:86 DF
***AP**F Seq: 0xB8EE8C72  Ack: 0x4DB0012E  Win: 0x5C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 375676 866055723 

[**] [1:2003:8] MS-SQL Worm propagation attempt [**]
[Classification: Misc Attack] [Priority: 2] 
02/27-22:05:51.544569 61.132.223.14:2885 -> 88.80.197.29:1434
UDP TTL:116 TOS:0x8 ID:3492 IpLen:20 DgmLen:404
Len: 376
[Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://cgi.nessus.org/plugins/dump.php3?id=11214][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310]

[**] [1:2050:7] MS-SQL version overflow attempt [**]
[Classification: Misc activity] [Priority: 3] 
02/27-22:05:51.544569 61.132.223.14:2885 -> 88.80.197.29:1434
UDP TTL:116 TOS:0x8 ID:3492 IpLen:20 DgmLen:404
Len: 376
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10674][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5310]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
02/28-00:00:13.284605 213.163.118.65:3414 -> 88.80.197.29:80
TCP TTL:115 TOS:0x0 ID:15159 IpLen:20 DgmLen:61 DF
***AP*** Seq: 0x611231F9  Ack: 0x3C6AF1AD  Win: 0xFFFF  TcpLen: 20

the server can be rooted in different ways btw, because hacking is not only about technical knowledge...know your enemy... :-99
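An added example, not part of bad_brain's post: a small Python parser for the Snort full-alert layout of the logs above, run on a constructed sample (documentation addresses, modelled on the thread's records). It also counts distinct packets, because two rules firing on one datagram, as 1:2003 and 1:2050 do above, should not be read as two separate probes.

```python
import re
from collections import defaultdict

# Constructed sample in Snort's "full" alert layout, modelled on the thread's logs (not copied from
# them); the two MS-SQL records share timestamp and source port, i.e. one datagram matched two rules.
SAMPLE = """\
[**] [1:2003:8] MS-SQL Worm propagation attempt [**]
[Classification: Misc Attack] [Priority: 2]
02/27-13:04:32.995686 192.0.2.10:2979 -> 198.51.100.5:1434
UDP TTL:116 TOS:0x8 ID:34770 IpLen:20 DgmLen:404

[**] [1:2050:7] MS-SQL version overflow attempt [**]
[Classification: Misc activity] [Priority: 3]
02/27-13:04:32.995686 192.0.2.10:2979 -> 198.51.100.5:1434
UDP TTL:116 TOS:0x8 ID:34770 IpLen:20 DgmLen:404

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
02/27-18:26:00.329169 192.0.2.20:61264 -> 198.51.100.5:80
TCP TTL:47 TOS:0x0 ID:51279 IpLen:20 DgmLen:86 DF
"""

HEADER = re.compile(r"^\[\*\*\] \[(\d+):(\d+):\d+\] (.+?) \[\*\*\]$")
FLOW = re.compile(r"^(\S+) ([^\s:]+):(\d+) -> ([^\s:]+):(\d+)$")

def parse_alerts(text):
    """One record per blank-line-separated block: signature id, message and the 5-tuple."""
    alerts = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        head = HEADER.match(lines[0])
        flow = next((m for m in map(FLOW.match, lines[1:]) if m), None)
        if not head or not flow:
            continue  # stray text, not a complete alert record
        gid, sid, msg = head.groups()
        ts, src, sport, dst, dport = flow.groups()
        alerts.append({"sig": f"{gid}:{sid}", "msg": msg, "ts": ts, "src": src,
                       "sport": int(sport), "dst": dst, "dport": int(dport)})
    return alerts

def summarize(alerts):
    """Events and distinct sources per signature, plus the number of distinct packets, so a
    single datagram that fires two rules is not counted as two probes."""
    per_sig = defaultdict(lambda: {"events": 0, "sources": set()})
    packets = set()
    for a in alerts:
        per_sig[a["msg"]]["events"] += 1
        per_sig[a["msg"]]["sources"].add(a["src"])
        packets.add((a["ts"], a["src"], a["sport"]))
    return {"signatures": dict(per_sig), "packets": len(packets)}
```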

floodhound2
∑lectronic counselor
Posts: 2117
Joined: 03 Sep 2006, 16:00
Location: 127.0.0.1

Post by floodhound2 »

bad_brain wrote: the server can be rooted in different ways btw, because hacking is not only about technical knowledge...know your enemy... :-99
Shall we go out for a meal and get to know each other :oops:

I like your thirst to try to hack this server Lyecdevf. I will also shoot a few bullets at this challenge, but I'll have to do it this weekend. Look out!!!
₣£ΘΘĐĦΘŮŇĐ

TheKingOfHearts
Moderator
Posts: 901
Joined: 18 Sep 2006, 16:00
Location: on my Throne

Post by TheKingOfHearts »

did this do anything or epic fail? cuz I'm not really sure what I'm doing

never mind, it's probably something noob and stupid. deleted it before I get laughed at.

Lyecdevf
cyber Idi Amin
Posts: 1222
Joined: 16 Mar 2006, 17:00
Location: In between life and death.

Post by Lyecdevf »

floodhound2 wrote: I like your thirst to try to hack this server Lyecdevf.
I apparently did manage to generate some logs on this server. Ha! :D Yeah, I do have a thirst for hacking, but I have a lot more to learn, and I know that b_b has some good firewall rules on that server which I would have to circumnavigate around and which I know nothing about yet, so not this time.
We will either find a way, or make one.
- Hannibal

bad_brain
Site Owner
Posts: 11636
Joined: 06 Apr 2005, 16:00
Location: In your eye floaters.

Post by bad_brain »

check what I posted above the 1st logs lyec....there are no firewall rules at all, that's why I said "don't trust scans too much"... :wink:
another little hint: the scans have shown the box runs on Debian....Debian package versions are a little different, to see if they are really up to date you have to know the endings like .5-sarge6 for example. if it's not possible it's a good idea to check related packages that are installed.

and no floody, the info you have about me already might already be enough... :-99
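An added example (not from bad_brain's post) of the version check he describes: Debian package versions compared the way dpkg orders them (epoch, then upstream version, then Debian revision, with "~" sorting before everything), so a sarge-era string can be held against the fixed version an advisory names instead of eyeballing the upstream number. The sshd banner from Lyecdevf's scan corresponds to the epoched package version 1:3.8.1p1-8.sarge.6; the epoch of 1 and the comparison values are assumptions for illustration.

```python
import re
from itertools import zip_longest

def _order(c):
    """dpkg's ranking for non-digit characters: '~' sorts before the end of the string,
    letters next, then any other punctuation; '' stands for end of string."""
    if c == "~":
        return -1
    if c == "":
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_fragment(a, b):
    """Compare an upstream version or a Debian revision dpkg-style: alternate non-digit runs
    (ranked per character) and digit runs (compared numerically, so 10 > 9 and 08 == 8)."""
    pairs_a = re.findall(r"(\D*)(\d*)", a)
    pairs_b = re.findall(r"(\D*)(\d*)", b)
    for (na, da), (nb, db) in zip_longest(pairs_a, pairs_b, fillvalue=("", "")):
        for ca, cb in zip_longest(na, nb, fillvalue=""):
            if _order(ca) != _order(cb):
                return _order(ca) - _order(cb)
        if int(da or 0) != int(db or 0):
            return int(da or 0) - int(db or 0)
    return 0

def parse_version(v):
    """Split '[epoch:]upstream[-revision]': epoch before the first ':', revision after the last '-'."""
    epoch = 0
    if ":" in v:
        head, v = v.split(":", 1)
        epoch = int(head)
    upstream, sep, revision = v.rpartition("-")
    if not sep:
        upstream, revision = revision, ""
    return epoch, upstream, revision

def compare_versions(a, b):
    """Negative if a is older than b, 0 if equal, positive if newer; the epoch wins over everything."""
    ea, ua, ra = parse_version(a)
    eb, ub, rb = parse_version(b)
    if ea != eb:
        return ea - eb
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

def is_patched(installed, fixed):
    """True when the installed version is at or above the first version that carries the fix."""
    return compare_versions(installed, fixed) >= 0
```

With these assumed values, is_patched("1:3.8.1p1-8.sarge.6", "1:3.8.1p1-8.sarge.4") is True while the same package against "1:3.8.1p1-9" is False, and the epoch makes 1:3.8.1p1-8 sort above an unepoched 4.7p1-1, which is exactly why the bare upstream number in a banner misleads.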

bad_brain
Site Owner
Posts: 11636
Joined: 06 Apr 2005, 16:00
Location: In your eye floaters.

Post by bad_brain »

logs, logs, logs..... a little too much to post, so I made them downloadable on the wargames server:
http://88.80.197.29/apache2-default/log ... -040am.zip
simply open with a text editor... :wink:


p.s. good example btw why it's better NOT to use vulnerability scanners against servers that are not your own ones... :lol:

TheKingOfHearts
Moderator
Posts: 901
Joined: 18 Sep 2006, 16:00
Location: on my Throne

Post by TheKingOfHearts »

p.s. good example btw why it's better NOT to use vulnerability scanners against servers that are not your own ones...
sarcasm towards me? :lol:
