This packet seems to be going to the FTP DATA port. What's going on port 21 during this (or just before, obviously)? That might shed some light on it.
Greg van der Gaast Ordina Public West Security Services -----Oorspronkelijk bericht----- Van: Mel [mailto:[EMAIL PROTECTED]] Verzonden: Monday, September 16, 2002 12:43 PM Aan: [EMAIL PROTECTED] Onderwerp: NMAP scan Hi Can anyone tell me what particular vulnerability this NMAP scan is probing for? UDP_43555-20 [**] Snort Unmatched [**] 08/22-18:09:52.732955 161.73.38.103:45552 -> 192.168.1.20:20 UDP TTL:54 TOS:0x0 ID:32141 IpLen:20 DgmLen:328 Len: 308 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 gggggggggggggggg 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 gggggggggggggggg 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 gggggggggggggggg 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 gggggggggggggggg 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 gggggggggggggggg 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 gggggggggggggggg 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 gggggggggggggggg 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 gggggggggggggggg 67 67 67 67 67 67 67 67 67 67 67 67 gggggggggggg I can see that it's some kind of FTP exploit from the destination source port number, but otherwise I can find no further information on it, and google searches have returned nothing. Thanks in advance Melanie