Internet Storm Center

Handler on Duty: Johannes Ullrich

Threat Level: green

Thinking...

[get complete service list]

Port Information
Protocol	Service	Name
tcp	xtrm	xTrade
udp	xtrm	xTrade Reliable Messaging

Top IPs Scanning
Today	Yesterday
78.128.114.110 (4)	89.248.165.108 (18)
100.27.42.174 (2)	109.205.213.40 (10)
62.60.131.114 (2)	91.191.209.198 (3)
165.154.172.223 (2)	34.201.223.223 (2)
167.94.146.32 (1)	77.90.185.235 (2)
79.124.56.186 (1)	79.124.58.102 (2)
165.154.135.73 (1)	152.32.168.34 (2)
45.141.233.37 (1)	162.142.125.242 (2)
109.205.211.35 (1)	134.199.197.153 (2)
123.58.213.118 (1)	79.124.62.122 (2)

User Comments
Submitted By	Date
Comment
[email protected]	2006-03-12 05:53:05
I have seen udp/3423 in my snort install at home. In my case it is a dst of 159.153.238.200 belonging to Electronic Arts. I have Battlefield 2 installed with their (mandatory) EA Downloader so I suspect this is the originator. I have a traffic dump if you want it just ask (quickly!). You may list the Name field if I am to receive public credit. Thanks! jynx p.s.- snort output from base follows: length = 508 000 : 3F F0 7C FF FF FF FF F3 01 04 EB 00 00 A8 48 2F ?.\|...........H/ 010 : 58 16 01 00 03 4F C8 42 65 99 25 42 2B 7B 66 42 X....O.Be.%B+{fB 020 : 7F 06 0E 1A C8 FF BF FF 0F 18 00 00 00 00 F4 4B ..............K 030 : 19 1E D0 BE E8 00 01 8E FD 88 03 00 5A 50 6D 00 ............ZPm. 040 : 00 A0 82 81 01 40 78 00 80 6C 5E 53 08 00 00 00 [email protected]^S.... 050 : 00 00 00 00 60 1A F2 ED 07 C0 51 30 BF 6F 96 F1 ....`.....Q0.o.. 060 : 07 00 00 F0 92 10 00 02 1A 1E 00 00 00 FE D1 01 ................ 070 : 00 0F 00 00 20 80 51 00 48 01 40 00 00 F8 C0 96 .... .Q.H.@..... 080 : 04 58 20 80 A9 2A 49 80 05 82 C0 B2 14 00 78 00 .X ..I.......x. 090 : 00 00 01 8E 48 80 05 82 48 CF 2C 00 78 00 00 00 ....H...H.,.x... 0a0 : 01 AC 27 C1 09 08 FD B4 C2 75 8D 1C F0 C6 02 00 ..'......u...... 0b0 : 2A AC 0D 4A 48 41 0F 06 27 90 48 30 FE C5 1D 35 ..JHA..'.H0...5 0c0 : 49 FC 01 04 AA 08 00 00 00 50 C8 81 B1 2C 00 00 I........P...,.. 0d0 : 79 B9 D9 20 3D 64 4C 21 62 FF A8 61 37 88 B9 08 y.. =dL!b..a7... 0e0 : CE 17 93 F8 8B EF 0A 48 50 A0 7D 00 C1 0A 0A 24 .......HP.}....$ 0f0 : 0F 04 7B 0E 00 00 00 44 E7 AF 3D 03 9A 98 04 00 ..{....D..=..... 100 : 09 03 DE 0D 1F 20 EA D4 7B 10 06 1F C0 53 B2 07 ..... ..{....S.. 110 : 30 A9 03 C1 58 00 40 5E CA 77 87 05 FB C6 E6 01 0...X.@^.w...... 120 : 00 00 17 6C 00 34 F8 E1 3F 00 00 00 10 D6 01 18 ...l.4..?....... 130 : 00 00 00 00 00 00 E4 75 00 06 00 00 00 00 00 00 .......u........ 140 : 55 1D 28 C7 02 00 F8 48 F5 11 D6 B6 1A 10 0A 30 U.(....H.......0 150 : 54 1A 36 00 00 C0 0C FF FE 85 43 02 20 00 00 00 T.6.......C. ... 160 : 48 EF 40 45 16 00 C0 EF 6C 93 B0 17 CD 80 90 53 [email protected] 170 : 31 D2 B0 01 00 00 2E FE F2 6F 0E CB FF 12 A1 B2 1........o...... 180 : 7F 12 FD F3 3F 00 40 C0 06 88 80 00 14 AC 11 30 [email protected] 190 : BA 90 AC ED 1C F0 C7 02 00 98 7B 35 1A 36 BB A5 ..........{5.6.. 1a0 : 0F 72 F9 36 19 36 00 00 40 AA 1E 49 16 C4 82 1E [email protected].... 1b0 : 00 00 00 00 00 00 50 D8 81 7E 2C 00 20 2C 6C D8 ......P..~,. ,l. 1c0 : B2 81 B1 E6 34 C3 C1 C3 75 0E E8 01 35 7C 5E 82 ....4...u...5\|^. 1d0 : D5 3C 50 72 81 03 08 82 D6 87 3C 0E 08 01 12 EA .<Pr......<..... 1e0 : B8 42 92 86 F4 B8 76 0C 4C 62 10 08 44 72 41 9D .B....v.Lb..DrA. 1f0 : 29 70 CA 35 23 53 10 34 89 9F 02 B8 )p.5#S.4....

CVE Links
CVE #	Description