------------------------------------------------------------------------------
#(1 - 292178) [2010-04-14 13:32:44] [local/1000002] [snort/1:1000002] LOCAL Inbound Traffic to Unused UDP Ports -- BLOCKING SOURCE
IPv4: 131.107.0.80 -> 91.121.85.146
      hlen=5 TOS=0 dlen=400 ID=21532 flags=0 offset=0 TTL=48 chksum=123
UDP:  port=500 -> dport: 500 len=380
Payload: length = 372
------------------------------------------------------------------------------
#(2 - 237841) [2010-04-21 12:32:16] [local/1000002] [snort/1:1000002] LOCAL Inbound Traffic to Unused UDP Ports -- BLOCKING SOURCE
IPv4: 131.107.0.80 -> 91.121.75.197
      hlen=5 TOS=0 dlen=500 ID=1941 flags=0 offset=0 TTL=50 chksum=21611
UDP:  port=500 -> dport: 500 len=480
Payload: length = 472
------------------------------------------------------------------------------
#(3 - 127479) [2010-04-07 07:11:13] [local/1000002] [snort/1:1000002] LOCAL Inbound Traffic to Unused UDP Ports -- BLOCKING SOURCE
IPv4: 131.107.0.80 -> 94.23.207.114
      hlen=5 TOS=0 dlen=400 ID=13837 flags=0 offset=0 TTL=51 chksum=40715
UDP:  port=500 -> dport: 500 len=380
Payload: length = 372
------------------------------------------------------------------------------
#(3 - 142900) [2010-04-26 07:56:57] [local/1000002] [snort/1:1000002] LOCAL Inbound Traffic to Unused UDP Ports -- BLOCKING SOURCE
IPv4: 131.107.0.80 -> 94.23.207.114
      hlen=5 TOS=0 dlen=500 ID=29755 flags=0 offset=0 TTL=48 chksum=25465
UDP:  port=500 -> dport: 500 len=480
Payload: length = 472
------------------------------------------------------------------------------
#(3 - 145161) [2010-04-29 14:23:12] [local/1000002] [snort/1:1000002] LOCAL Inbound Traffic to Unused UDP Ports -- BLOCKING SOURCE
IPv4: 131.107.0.80 -> 94.23.207.114
      hlen=5 TOS=0 dlen=500 ID=19223 flags=0 offset=0 TTL=50 chksum=35485
UDP:  port=500 -> dport: 500 len=480
Payload: length = 472
------------------------------------------------------------------------------
#(1 - 315801) [2010-05-04 09:51:52] [local/1000002] [snort/1:1000002] LOCAL Inbound Traffic to Unused UDP Ports -- BLOCKING SOURCE
IPv4: 131.107.0.80 -> 91.121.85.146
      hlen=5 TOS=0 dlen=400 ID=15411 flags=0 offset=0 TTL=48 chksum=6244
UDP:  port=500 -> dport: 500 len=380
Payload: length = 372
------------------------------------------------------------------------------
#(3 - 151948) [2010-05-04 10:25:23] [local/1000002] [snort/1:1000002] LOCAL Inbound Traffic to Unused UDP Ports -- BLOCKING SOURCE
IPv4: 131.107.0.80 -> 94.23.207.114
      hlen=5 TOS=0 dlen=400 ID=23138 flags=0 offset=0 TTL=49 chksum=31926
UDP:  port=500 -> dport: 500 len=380
Payload: length = 372
------------------------------------------------------------------------------
#(3 - 171721) [2010-05-24 03:36:21] [local/1000002] [snort/1:1000002] LOCAL Inbound Traffic to Unused UDP Ports -- BLOCKING SOURCE
IPv4: 131.107.0.80 -> 94.23.207.114
      hlen=5 TOS=0 dlen=500 ID=21549 flags=0 offset=0 TTL=51 chksum=32903
UDP:  port=500 -> dport: 500 len=480
Payload: length = 472
------------------------------------------------------------------------------
#(1 - 367268) [2010-06-21 08:47:46] [local/1000002] [snort/1:1000002] LOCAL Inbound Traffic to Unused UDP Ports -- BLOCKING SOURCE
IPv4: 131.107.0.80 -> 91.121.85.146
      hlen=5 TOS=0 dlen=500 ID=23646 flags=0 offset=0 TTL=47 chksum=63700
UDP:  port=500 -> dport: 500 len=480
Payload: length = 472
------------------------------------------------------------------------------
#(3 - 203904) [2010-06-30 09:04:52] [local/1000002] [snort/1:1000002] LOCAL Inbound Traffic to Unused UDP Ports -- BLOCKING SOURCE
IPv4: 131.107.0.80 -> 94.23.207.114
      hlen=5 TOS=0 dlen=500 ID=6015 flags=0 offset=0 TTL=49 chksum=48949
UDP:  port=500 -> dport: 500 len=480
Payload: length = 472