-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday 25 January 2003 22:30, Charles Sprickman wrote: > On Sat, 25 Jan 2003, Brian Coyle wrote: > > I have a similar packet (but only one) from the same host (time is ntp > > sync'd EST). > > > > Jan 20 12:55:47 firewall kernel: Packet log: input - ppp0 PROTO=17 > > 67.8.33.179:1 65.83.153.253:1434 L=29 S=0x00 I=20300 F=0x0000 T=110 (#23) > > That's a busy machine apparently: > > Jan 19 01:13:16 gw ipmon[32123]: 01:13:15.993484 ed0 @0:20 b 67.8.33.179,1 > -> 66.92.x.x,1434 PR udp len 20 29 IN > > (also EST, NTP synced) >
Additional correlations are being reported over on the [EMAIL PROTECTED] list... http://www.sans.org/intrusions/ - -- 42 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Brian Coyle, GCIA http://www.giac.org/GCIA.php iD8DBQE+M1x6ER3MuHUncBsRAhiUAJ4+8RCpTicU4VWZzkXlR8grUjOBrQCfZHP9 VzmEQod+qeXiL50M/llrZvA= =LuxR -----END PGP SIGNATURE-----