What is it?

March 23, 2003

 

Overview

One of the many joys of running a Honeynet, or of system management in general, is identifying the traffic that is destined for and originating from your systems. Below are actual Ethereal (http://www.ethereal.com/) log entries and packets that were launched against some of the systems in the Honeynet.

 

Goal

The goal is to get acquainted with the different types of traffic and packets that you may see on the Internet. These packets were not specially crafted in a lab; they are true packet captures gathered through Ethereal, and they have not been altered from their original log entries. In the coming weeks, we will provide a further analysis of these attacks for your review.

 

Attack 1

Attack 2

 

Attack 3

 

A further review of the Logoff Andx request shows:

 

Attack 4

 

 

The “Stub Data” from the above packet contained the following: