ID11122 Seq0 ECHO 110 to alert icmp with Priority 0 0504 095352965429


ID:11122 Seq:0 ECHO

[**] [1:1:0] to alert icmp with !!!!!! [**]
[Priority: 0]
05/04-09:53:52.965429 00:50:04:5B:64:5B -> 00:10:4B:E2:65:8E type:0x800 len:0x88
192.168.1.255 -> 192.168.10.2 ICMP TTL:254 TOS:0x0 ID:11122 IpLen:20 DgmLen:122 DF
Type:8 Code:0 ID:11122 Seq:0 ECHO

Rule #3: #alert tcp 192.168.1.5 any -> 192.168.10.2 80 (msg:"to alert HTTP with /../root"; content:"root"; sid:1;)

Alert Output:

[**] [1:1:0] to alert HTTP with /../root [**]
[Priority: 0]
05/04-09:53:52.784584 00:50:04:5B:64:5B -> 00:10:4B:E2:65:8E type:0x800 len:0x5C
192.168.1.5:42069 -> 192.168.10.2:80 TCP TTL:254 TOS:0x0 ID:666 IpLen:20 DgmLen:78 DF
***A**** Seq: 0x29A Ack: 0x29A Win: 0x29A TcpLen: 20

[**] [1:1:0] to alert HTTP with /../root [**]
[Priority: 0]
05/04-09:53:52.850955 00:50:04:5B:64:5B -> 00:10:4B:E2:65:8E type:0x800 len:0x5C
192.168.1.5:42069 -> 192.168.10.2:80 TCP TTL:254 TOS:0x0 ID:666 IpLen:20 DgmLen:78 DF
***A**** Seq: 0x29A Ack: 0x29A Win: 0x29A TcpLen: 20

[**] [1:1:0] to alert HTTP with /../root [**]
[Priority: 0]
05/04-09:53:52.918145 00:50:04:5B:64:5B -> 00:10:4B:E2:65:8E type:0x800 len:0x5C
192.168.1.5:42069 -> 192.168.10.2:80 TCP TTL:254 TOS:0x0 ID:666 IpLen:20 DgmLen:78 DF
***A**** Seq: 0x29A Ack: 0x29A Win: 0x29A TcpLen: 20

Rule #4: #alert udp 192.168.10.2 any -> 192.168.10.2 any (msg:"to alert udp with ping"; content:"ping"; sid:1;)

Alert Output: No Alert
Rule #5: #alert udp 255.255.255.255 any -> 192.168.10.2 any (msg:"to alert udp with DISCOVER"; content:"DISCOVER"; sid:1;)

Alert Output:

[**] [1:1:0] to alert udp with DISCOVER [**]
[Priority: 0]
05/04-09:53:52.836019 00:50:04:5B:64:5B -> 00:10:4B:E2:65:8E type:0x800 len:0x3C
255.255.255.255:68 -> 192.168.10.2:67 UDP TTL:1 TOS:0x0 ID:2513 IpLen:20 DgmLen:41 DF
Len: 13

[**] [1:1:0] to alert udp with DISCOVER [**]
[Priority: 0]
05/04-09:53:52.706591 00:50:04:5B:64:5B -> 00:10:4B:E2:65:8E type:0x800 len:0x3C
255.255.255.255:68 -> 192.168.10.2:67 UDP TTL:1 TOS:0x0 ID:2513 IpLen:20 DgmLen:41 DF
Len: 13

[**] [1:1:0] to alert udp with DISCOVER [**]
[Priority: 0]
05/04-09:53:52.970570 00:50:04:5B:64:5B -> 00:10:4B:E2:65:8E type:0x800 len:0x3C
255.255.255.255:68 -> 192.168.10.2:67 UDP TTL:1 TOS:0x0 ID:2513 IpLen:20 DgmLen:41 DF
Len: 13

Rule #6: #alert udp 192.168.1.5 any -> 192.168.10.2 53 (msg:"to alert DNS with /sh"; content:"/sh"; sid:1;)

Alert Output:

[**] [1:1:0] to alert DNS with /sh [**]
[Priority: 0]
05/04-09:53:52.777745 00:50:04:5B:64:5B -> 00:10:4B:E2:65:8E type:0x800 len:0x40
192.168.1.5:53 -> 192.168.10.2:53 UDP TTL:254 TOS:0x0 ID:82 IpLen:20 DgmLen:50 DF
Len: 22

[**] [1:1:0] to alert DNS with /sh [**]
[Priority: 0]
05/04-09:53:52.845315 00:50:04:5B:64:5B -> 00:10:4B:E2:65:8E type:0x800 len:0x40
192.168.1.5:53 -> 192.168.10.2:53 UDP TTL:254 TOS:0x0 ID:86 IpLen:20 DgmLen:50 DF
Len: 22

[**] [1:1:0] to alert DNS with /sh [**]
[Priority: 0]
05/04-09:53:52.715830 00:50:04:5B:64:5B -> 00:10:4B:E2:65:8E type:0x800 len:0x40
192.168.1.5:53 -> 192.168.10.2:53 UDP TTL:254 TOS:0x0 ID:90 IpLen:20 DgmLen:50 DF
Len: 22

  • Spring '16
  • Xia
  • len, User Datagram Protocol, Sid, alert icmp, Alert Output