------------------------------------------------------------------------------
#(1 - 307277) [2010-04-26 17:52:42] [local/1000002] [snort/1:1000002] LOCAL Inbound Traffic to Unused UDP Ports -- BLOCKING SOURCE
IPv4: 131.107.0.101 -> 91.121.85.146 hlen=5 TOS=0 dlen=400 ID=13944 flags=0 offset=0 TTL=50 chksum=7178
UDP: port=500 -> dport: 500 len=380
Payload: length = 372
------------------------------------------------------------------------------
#(3 - 128698) [2010-04-08 15:40:48] [local/1000002] [snort/1:1000002] LOCAL Inbound Traffic to Unused UDP Ports -- BLOCKING SOURCE
IPv4: 131.107.0.101 -> 94.23.207.114 hlen=5 TOS=0 dlen=400 ID=29809 flags=0 offset=0 TTL=50 chksum=24978
UDP: port=500 -> dport: 500 len=380
Payload: length = 372
------------------------------------------------------------------------------
#(2 - 244589) [2010-05-06 15:01:35] [local/1000002] [snort/1:1000002] LOCAL Inbound Traffic to Unused UDP Ports -- BLOCKING SOURCE
IPv4: 131.107.0.101 -> 91.121.75.197 hlen=5 TOS=0 dlen=400 ID=2243 flags=0 offset=0 TTL=48 chksum=21900
UDP: port=500 -> dport: 500 len=380
Payload: length = 372

94.23.207.114 hlen=5 TOS=0 dlen=500 ID=31603 flags=0 offset=0 TTL=50 chksum=23084
UDP: port=500 -> dport: 500 len=480
Payload: length = 472
------------------------------------------------------------------------------
#(3 - 202588) [2010-06-29 09:32:27] [local/1000002] [snort/1:1000002] LOCAL Inbound Traffic to Unused UDP Ports -- BLOCKING SOURCE
IPv4: 131.107.0.101 -> 94.23.207.114 hlen=5 TOS=0 dlen=400 ID=20705 flags=0 offset=0 TTL=48 chksum=34594
UDP: port=500 -> dport: 500 len=380
Payload: length = 372