------------------------------------------------------------------------------
#(2 - 251681) [2010-05-25 15:03:42] [local/1000002] [snort/1:1000002] LOCAL Inbound Traffic to Unused UDP Ports -- BLOCKING SOURCE
IPv4: 131.107.0.78 -> 91.121.75.197
      hlen=5 TOS=0 dlen=556 ID=1767 flags=0 offset=0 TTL=47 chksum=22499
UDP:  port=500 -> dport: 500 len=536
Payload: length = 528
------------------------------------------------------------------------------
#(2 - 251825) [2010-05-26 04:28:16] [local/1000002] [snort/1:1000002] LOCAL Inbound Traffic to Unused UDP Ports -- BLOCKING SOURCE
IPv4: 131.107.0.78 -> 91.121.75.197
      hlen=5 TOS=0 dlen=556 ID=4199 flags=0 offset=0 TTL=48 chksum=19811
UDP:  port=500 -> dport: 500 len=536
Payload: length = 528
------------------------------------------------------------------------------
#(2 - 252388) [2010-05-27 06:22:37] [local/1000002] [snort/1:1000002] LOCAL Inbound Traffic to Unused UDP Ports -- BLOCKING SOURCE
IPv4: 131.107.0.78 -> 91.121.75.197
      hlen=5 TOS=0 dlen=556 ID=13236 flags=0 offset=0 TTL=50 chksum=10262
UDP:  port=500 -> dport: 500 len=536
Payload: length = 528
------------------------------------------------------------------------------
#(2 - 252687) [2010-05-28 09:51:25] [local/1000002] [snort/1:1000002] LOCAL Inbound Traffic to Unused UDP Ports -- BLOCKING SOURCE
IPv4: 131.107.0.78 -> 91.121.75.197
      hlen=5 TOS=0 dlen=556 ID=31956 flags=0 offset=0 TTL=48 chksum=57589
UDP:  port=500 -> dport: 500 len=536
Payload: length = 528
------------------------------------------------------------------------------
#(3 - 201647) [2010-06-28 13:32:40] [local/1000002] [snort/1:1000002] LOCAL Inbound Traffic to Unused UDP Ports -- BLOCKING SOURCE
IPv4: 131.107.0.78 -> 94.23.207.114
      hlen=5 TOS=0 dlen=556 ID=7630 flags=0 offset=0 TTL=48 chksum=47536
UDP:  port=500 -> dport: 500 len=536
Payload: length = 528