Threat Level: green Handler on Duty: Remco Verhoef

SANS ISC: Odd packets - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Odd packets

No.           Time             Source                 Destination         Protocol Info
107496   10.768466   10.10.10.10        12.12.12.12         UDP Source port: 43152  Destination port: http

Frame 107496 (118 bytes on wire, 118 bytes captured)
Ethernet II, Src: Cisco (MACSRC), Dst: Cisco (MACDST)
Internet Protocol, Src: my-net (10.10.10.10), Dst: apnic (12.12.12.12)
User Datagram Protocol, Src Port: 43152 (43152), Dst Port: http (80)
Data (76 bytes)
 
0030  01 00 8f f9 08 00 61 62 63 64 65 66 67 68 69 6a   ......abcdefghij
0040  6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 61 62 63   klmnopqrstuvwabc
0050  64 65 66 67 68 69 00 00 00 00 00 00 00 00 00 00   defghi..........
0060  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0070  00 00 00 00 00 00   

A few things to note, these are UDP packets from a high src port to port 80. They are coming from an 'our' network and going to a system in APNIC. There are a significant number of them.

Any ideas? Let us know.     

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.                

Adrien de Beaupre

353 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!