View All Attachments for Bug 82088

Attachment #54566
snortsnarf-050314.1.diff	text/plain	2005-03-26 19:26:37 UTC	461 bytes	no flags	Details

Attachment #70871
snortsnarf genereted destination	text/html	2005-10-17 12:37:22 UTC	34.72 KB	no flags	Details

<html>
<head>
<title>All 50 alerts going to 239.255.255.250 in /var/log/snort/alert</title>
</head>
<body BGCOLOR="#E7DEBD">
<table><tr>
<td width=130><A HREF="http://www.silicondefense.com/"><IMG BORDER=0 width=123 height=72 SRC="../../../SDlogo.gif" ALT="[Silicon Defense logo]"></A></td>
<td><CENTER><h1>SnortSnarf alert page</h1><h2>Destination: <EM>239.255.255.250</EM></h2><a href="http://www.silicondefense.com/software/snortsnarf/">SnortSnarf</a> v021111.1</CENTER></td></tr></table><hr>


<p><center><table border><tr><td><a href="../../../index.html">Signature section (17307)</a></td><td><a href="../../../topsrcs.html">Top 20 source IPs</a></td><td><a href="../../../topdests.html">Top 20 dest IPs</a></td></tr></table></center></p>50 such alerts found using input module SnortFileInput, with sources:
<font size="-1"><ul>
<li>/var/log/snort/alert
<li>/var/log/snort/alert.1
<li>/var/log/snort/alert.2
<li>/var/log/snort/alert.3
</ul></font>
<br>Earliest: <b>15:54:36</b>.824625 <i>on 09/19/2005</i><br>
Latest: <b>13:49:28</b>.136015 <i>on 09/30/2005</i>
<P>1 different signatures are present for <EM>239.255.255.250</EM> as a destination
<UL><LI>50 instances of <a href="../../../sig/sigsid-1917.html"><EM>SCAN UPnP service discover attempt</EM></A></LI>
</UL>There are 5 distinct source IPs in the alerts of the type on this page.<P>
<table border cellpadding = 3>
<tr><td rowspan=3 bgcolor="#E0CDD0" align="center">239.255.255.250</td>
<td>Whois lookup at:</td>
<td><a href="http://www.arin.net/cgi-bin/whois.pl?queryinput=239.255.255.250&B1=Submit+Query" target=lookup>ARIN</a></td>
<td><a href="http://www.ripe.net/perl/whois?searchtext=239.255.255.250" target=lookup>RIPE</a></td>
<td><a href="http://www.apnic.net/apnic-bin/whois.pl?search=239.255.255.250" target=lookup>APNIC</a></td>
<td><a href="http://www.geektools.com/cgi-bin/proxy.cgi?query=239.255.255.250&targetnic=auto" target=lookup>Geektools</a></td>
</tr>
<tr>
<td>DNS lookup at:</td>
<td><a href="http://www.amnesi.com/hostinfo/ipinfo.jhtml?Search=Lookup+Name&wholeIp=239.255.255.250&ip1=239&ip2=255&ip3=255&ip4=250" target=lookup>Amenesi</a></td>
<td><a href="http://andrew.triumf.ca/cgi-bin/gethost?239.255.255.250" target=lookup>TRIUMF</a></td>
<td><a href="http://wwwnet.princeton.edu/cgi-bin/dnslookup.pl?verbose=on&type=any&target=239.255.255.250" target=lookup>Princeton</a></td>
</tr>
<tr>
<td>More lookup links:</td>
<td><a href="http://www.dshield.org/ipinfo.php?ip=239.255.255.250" target=lookup>Dshield</a></td>
<td><a href="http://www.samspade.org/t/lookat?a=239.255.255.250" target=lookup>Sam Spade</a></td>
</tr>
</table>
<HR><table border cellpadding = 3>
<tr><td bgcolor=#D5E2CE><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/19-15:54:36.824625 <A HREF="../../../9/155/138/src9.155.138.70.html">9.155.138.70</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:4 TOS:0x0 ID:18 IpLen:20 DgmLen:165<br>Len: 137</code></td></tr>
<tr><td bgcolor=#E7DEBD><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/19-15:54:38.587092 <A HREF="../../../9/155/138/src9.155.138.70.html">9.155.138.70</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:4 TOS:0x0 ID:25 IpLen:20 DgmLen:165<br>Len: 137</code></td></tr>
<tr><td bgcolor=#E0CDD0><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/19-15:54:56.818076 <A HREF="../../../9/155/138/src9.155.138.70.html">9.155.138.70</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:4 TOS:0x0 ID:87 IpLen:20 DgmLen:165<br>Len: 137</code></td></tr>
<tr><td bgcolor=#D5E2CE><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/19-15:54:58.587045 <A HREF="../../../9/155/138/src9.155.138.70.html">9.155.138.70</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:4 TOS:0x0 ID:90 IpLen:20 DgmLen:165<br>Len: 137</code></td></tr>
<tr><td bgcolor=#E7DEBD><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/19-15:55:47.271741 <A HREF="../../../9/155/138/src9.155.138.70.html">9.155.138.70</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:4 TOS:0x0 ID:97 IpLen:20 DgmLen:165<br>Len: 137</code></td></tr>
<tr><td bgcolor=#E0CDD0><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/19-15:55:48.586599 <A HREF="../../../9/155/138/src9.155.138.70.html">9.155.138.70</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:4 TOS:0x0 ID:98 IpLen:20 DgmLen:165<br>Len: 137</code></td></tr>
<tr><td bgcolor=#D5E2CE><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-11:16:13.471021 <A HREF="../../../9/155/137/src9.155.137.56.html">9.155.137.56</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1777&protocol=UDP"  target=lookup>1777</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:24773 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#E7DEBD><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-11:16:16.477024 <A HREF="../../../9/155/137/src9.155.137.56.html">9.155.137.56</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1777&protocol=UDP"  target=lookup>1777</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:24786 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#E0CDD0><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-11:16:19.262522 <A HREF="../../../169/254/221/src169.254.221.214.html">169.254.221.214</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1782&protocol=UDP"  target=lookup>1782</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:24810 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#D5E2CE><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-11:16:22.284638 <A HREF="../../../9/155/138/src9.155.138.46.html">9.155.138.46</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1782&protocol=UDP"  target=lookup>1782</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:24831 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#E7DEBD><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-11:16:25.359719 <A HREF="../../../9/155/138/src9.155.138.46.html">9.155.138.46</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1789&protocol=UDP"  target=lookup>1789</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:24852 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#E0CDD0><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-11:16:28.364087 <A HREF="../../../9/155/138/src9.155.138.46.html">9.155.138.46</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1789&protocol=UDP"  target=lookup>1789</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:24895 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#D5E2CE><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-11:16:31.372199 <A HREF="../../../9/155/138/src9.155.138.46.html">9.155.138.46</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1789&protocol=UDP"  target=lookup>1789</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:25073 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#E7DEBD><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-11:23:04.017840 <A HREF="../../../169/254/221/src169.254.221.214.html">169.254.221.214</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1805&protocol=UDP"  target=lookup>1805</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:25306 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#E0CDD0><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-11:23:07.021332 <A HREF="../../../9/155/138/src9.155.138.46.html">9.155.138.46</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1805&protocol=UDP"  target=lookup>1805</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:25323 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#D5E2CE><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-11:23:10.012255 <A HREF="../../../9/155/138/src9.155.138.46.html">9.155.138.46</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1810&protocol=UDP"  target=lookup>1810</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:25345 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#E7DEBD><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-11:23:13.009963 <A HREF="../../../9/155/138/src9.155.138.46.html">9.155.138.46</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1810&protocol=UDP"  target=lookup>1810</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:25356 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#E0CDD0><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-11:23:16.014584 <A HREF="../../../9/155/138/src9.155.138.46.html">9.155.138.46</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1810&protocol=UDP"  target=lookup>1810</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:25364 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#D5E2CE><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-11:32:58.826019 <A HREF="../../../169/254/221/src169.254.221.214.html">169.254.221.214</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1819&protocol=UDP"  target=lookup>1819</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:25439 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#E7DEBD><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-11:33:01.825268 <A HREF="../../../9/155/138/src9.155.138.46.html">9.155.138.46</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1819&protocol=UDP"  target=lookup>1819</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:25458 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#E0CDD0><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-11:33:04.869995 <A HREF="../../../9/155/138/src9.155.138.46.html">9.155.138.46</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1824&protocol=UDP"  target=lookup>1824</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:25477 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#D5E2CE><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-11:33:07.874367 <A HREF="../../../9/155/138/src9.155.138.46.html">9.155.138.46</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1824&protocol=UDP"  target=lookup>1824</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:25491 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#E7DEBD><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-11:33:10.878739 <A HREF="../../../9/155/138/src9.155.138.46.html">9.155.138.46</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1824&protocol=UDP"  target=lookup>1824</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:25499 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#E0CDD0><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-12:05:37.550385 <A HREF="../../../169/254/221/src169.254.221.214.html">169.254.221.214</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1836&protocol=UDP"  target=lookup>1836</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:25673 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#D5E2CE><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-12:05:40.550519 <A HREF="../../../9/155/138/src9.155.138.46.html">9.155.138.46</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1836&protocol=UDP"  target=lookup>1836</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:25693 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#E7DEBD><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-12:05:43.390364 <A HREF="../../../9/155/138/src9.155.138.46.html">9.155.138.46</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1841&protocol=UDP"  target=lookup>1841</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:25715 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#E0CDD0><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-12:05:46.395741 <A HREF="../../../9/155/138/src9.155.138.46.html">9.155.138.46</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1841&protocol=UDP"  target=lookup>1841</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:25726 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#D5E2CE><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-12:05:49.400120 <A HREF="../../../9/155/138/src9.155.138.46.html">9.155.138.46</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1841&protocol=UDP"  target=lookup>1841</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:25734 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#E7DEBD><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-12:09:31.410892 <A HREF="../../../9/155/138/src9.155.138.48.html">9.155.138.48</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1031&protocol=UDP"  target=lookup>1031</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:16 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#E0CDD0><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-12:09:34.412897 <A HREF="../../../9/155/138/src9.155.138.48.html">9.155.138.48</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1031&protocol=UDP"  target=lookup>1031</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:31 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#D5E2CE><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-12:09:37.483983 <A HREF="../../../9/155/138/src9.155.138.48.html">9.155.138.48</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1031&protocol=UDP"  target=lookup>1031</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:53 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#E7DEBD><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-12:32:14.881451 <A HREF="../../../169/254/221/src169.254.221.214.html">169.254.221.214</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1851&protocol=UDP"  target=lookup>1851</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:25806 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#E0CDD0><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-12:32:17.900430 <A HREF="../../../9/155/138/src9.155.138.46.html">9.155.138.46</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1851&protocol=UDP"  target=lookup>1851</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:25826 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#D5E2CE><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-12:32:20.709662 <A HREF="../../../9/155/138/src9.155.138.46.html">9.155.138.46</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1856&protocol=UDP"  target=lookup>1856</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:25848 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#E7DEBD><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-12:32:23.709775 <A HREF="../../../9/155/138/src9.155.138.46.html">9.155.138.46</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1856&protocol=UDP"  target=lookup>1856</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:25859 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#E0CDD0><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-12:32:26.714137 <A HREF="../../../9/155/138/src9.155.138.46.html">9.155.138.46</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1856&protocol=UDP"  target=lookup>1856</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:25867 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#D5E2CE><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-13:19:44.921516 <A HREF="../../../9/155/138/src9.155.138.46.html">9.155.138.46</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1871&protocol=UDP"  target=lookup>1871</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:37060 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#E7DEBD><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-13:19:47.927758 <A HREF="../../../9/155/138/src9.155.138.46.html">9.155.138.46</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1871&protocol=UDP"  target=lookup>1871</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:37073 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#E0CDD0><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-13:19:50.932140 <A HREF="../../../9/155/138/src9.155.138.46.html">9.155.138.46</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1871&protocol=UDP"  target=lookup>1871</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:37082 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#D5E2CE><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-13:21:26.546893 <A HREF="../../../169/254/221/src169.254.221.214.html">169.254.221.214</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1880&protocol=UDP"  target=lookup>1880</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:37158 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#E7DEBD><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-13:21:29.553137 <A HREF="../../../9/155/138/src9.155.138.46.html">9.155.138.46</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1880&protocol=UDP"  target=lookup>1880</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:37175 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#E0CDD0><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-13:21:32.599858 <A HREF="../../../9/155/138/src9.155.138.46.html">9.155.138.46</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1885&protocol=UDP"  target=lookup>1885</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:37197 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#D5E2CE><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-13:21:35.597981 <A HREF="../../../9/155/138/src9.155.138.46.html">9.155.138.46</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1885&protocol=UDP"  target=lookup>1885</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:37208 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#E7DEBD><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-13:21:38.602222 <A HREF="../../../9/155/138/src9.155.138.46.html">9.155.138.46</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1885&protocol=UDP"  target=lookup>1885</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:37216 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#E0CDD0><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-13:49:16.069916 <A HREF="../../../169/254/221/src169.254.221.214.html">169.254.221.214</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1964&protocol=UDP"  target=lookup>1964</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:40793 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#D5E2CE><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-13:49:19.072167 <A HREF="../../../9/155/138/src9.155.138.46.html">9.155.138.46</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1964&protocol=UDP"  target=lookup>1964</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:40811 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#E7DEBD><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-13:49:22.076670 <A HREF="../../../9/155/138/src9.155.138.46.html">9.155.138.46</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1964&protocol=UDP"  target=lookup>1964</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:40833 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#E0CDD0><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-13:49:22.135385 <A HREF="../../../9/155/138/src9.155.138.46.html">9.155.138.46</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=2029&protocol=UDP"  target=lookup>2029</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:40843 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#D5E2CE><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-13:49:25.131512 <A HREF="../../../9/155/138/src9.155.138.46.html">9.155.138.46</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=2029&protocol=UDP"  target=lookup>2029</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:40854 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
<tr><td bgcolor=#E7DEBD><code>[**] [1:1917:6] <a href="../../../sig/sigsid-1917.html">SCAN UPnP service discover attempt</A> [**]<br>[Classification: Detection of a Network Scan] [Priority: 3] <br>09/30-13:49:28.136015 <A HREF="../../../9/155/138/src9.155.138.46.html">9.155.138.46</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=2029&protocol=UDP"  target=lookup>2029</A> -> <A HREF="../../../239/255/255/dest239.255.255.250.html">239.255.255.250</A>:<A HREF="http://www.portsdb.org/bin/portsdb.cgi?portnumber=1900&protocol=UDP"  target=lookup>1900</A><br>UDP TTL:1 TOS:0x0 ID:40862 IpLen:20 DgmLen:161<br>Len: 133</code></td></tr>
</table>
<hr>
<CENTER><a href="http://www.silicondefense.com/software/snortsnarf/">SnortSnarf</a> brought to you courtesy of <A HREF="http://www.silicondefense.com/">Silicon Defense</A><BR>
Authors: <a href="mailto:hoagland@SiliconDefense.com">Jim Hoagland</a> and <a href="mailto:stuart@SiliconDefense.com">Stuart Staniford</a><BR>
See also the <a href="http://www.snort.org/">Snort Page</a> by Marty Roesch
<BR>Page generated at Mon Oct 17 16:02:11 2005</CENTER></html>