Attack

Extract from the day1.log binary network capture log, which shows how the attack was done. 

    No. Time                       Source                Destination           Protocol Info
    561 2002-11-29 17:36:25.353459 61.219.90.180         192.168.100.28        TCP      56399 > 6112 [SYN] Seq=2151229461 Ack=0 Win=5840 Len=0
    562 2002-11-29 17:36:25.353459 192.168.100.28        61.219.90.180         TCP      6112 > 56399 [SYN, ACK] Seq=3124316702 Ack=2151229462 Win=24616 Len=0
    563 2002-11-29 17:36:25.563445 61.219.90.180         192.168.100.28        TCP      56399 > 6112 [ACK] Seq=2151229462 Ack=3124316703 Win=5840 Len=0
    564 2002-11-29 17:36:25.573445 61.219.90.180         192.168.100.28        TCP      56709 > ingreslock [SYN] Seq=2149411790 Ack=0 Win=5840 Len=0
    565 2002-11-29 17:36:25.573445 192.168.100.28        61.219.90.180         TCP      ingreslock > 56709 [RST, ACK] Seq=0 Ack=2149411791 Win=0 Len=0
    566 2002-11-29 17:36:25.793430 61.219.90.180         192.168.100.28        TCP      56710 > 6112 [SYN] Seq=2140233517 Ack=0 Win=5840 Len=0
    567 2002-11-29 17:36:25.793430 192.168.100.28        61.219.90.180         TCP      6112 > 56710 [SYN, ACK] Seq=3124564265 Ack=2140233518 Win=24616 Len=0
    568 2002-11-29 17:36:26.003415 61.219.90.180         192.168.100.28        TCP      56710 > 6112 [ACK] Seq=2140233518 Ack=3124564266 Win=5840 Len=0
    569 2002-11-29 17:36:26.013415 61.219.90.180         192.168.100.28        TCP      56710 > 6112 [PSH, ACK] Seq=2140233518 Ack=3124564266 Win=5840 Len=33
    570 2002-11-29 17:36:26.013415 192.168.100.28        61.219.90.180         TCP      6112 > 56710 [ACK] Seq=3124564266 Ack=2140233551 Win=24583 Len=0
    571 2002-11-29 17:36:26.053412 192.168.100.28        61.219.90.180         TCP      6112 > 56710 [PSH, ACK] Seq=3124564266 Ack=2140233551 Win=24616 Len=70
    572 2002-11-29 17:36:26.273397 61.219.90.180         192.168.100.28        TCP      56710 > 6112 [ACK] Seq=2140233551 Ack=3124564336 Win=5840 Len=0
    573 2002-11-29 17:36:26.273397 61.219.90.180         192.168.100.28        TCP      56710 > 6112 [PSH, ACK] Seq=2140233551 Ack=3124564336 Win=5840 Len=20
    574 2002-11-29 17:36:26.273397 61.219.90.180         192.168.100.28        TCP      56710 > 6112 [FIN, ACK] Seq=2140233571 Ack=3124564336 Win=5840 Len=0
    575 2002-11-29 17:36:26.273397 192.168.100.28        61.219.90.180         TCP      6112 > 56710 [ACK] Seq=3124564336 Ack=2140233572 Win=24616 Len=0
    576 2002-11-29 17:36:26.273397 61.219.90.180         192.168.100.28        TCP      56711 > 6112 [SYN] Seq=2143411079 Ack=0 Win=5840 Len=0
    577 2002-11-29 17:36:26.273397 192.168.100.28        61.219.90.180         TCP      6112 > 56711 [SYN, ACK] Seq=3124882181 Ack=2143411080 Win=24616 Len=0
    578 2002-11-29 17:36:26.273397 192.168.100.28        61.219.90.180         TCP      6112 > 56710 [FIN, ACK] Seq=3124564336 Ack=2140233572 Win=24616 Len=0
    579 2002-11-29 17:36:26.493382 61.219.90.180         192.168.100.28        TCP      56711 > 6112 [ACK] Seq=2143411080 Ack=3124882182 Win=5840 Len=0
    580 2002-11-29 17:36:26.503382 61.219.90.180         192.168.100.28        TCP      56711 > 6112 [ACK] Seq=2143411080 Ack=3124882182 Win=5840 Len=1448
    581 2002-11-29 17:36:26.503382 61.219.90.180         192.168.100.28        TCP      56710 > 6112 [ACK] Seq=2140233572 Ack=3124564337 Win=5840 Len=0
    582 2002-11-29 17:36:26.503382 192.168.100.28        61.219.90.180         TCP      6112 > 56711 [ACK] Seq=3124882182 Ack=2143412528 Win=23168 Len=0
    583 2002-11-29 17:36:26.503382 61.219.90.180         192.168.100.28        TCP      56711 > 6112 [ACK] Seq=2143412528 Ack=3124882182 Win=5840 Len=1448
    584 2002-11-29 17:36:26.503382 192.168.100.28        61.219.90.180         TCP      6112 > 56711 [ACK] Seq=3124882182 Ack=2143413976 Win=21720 Len=0
    585 2002-11-29 17:36:26.723367 61.219.90.180         192.168.100.28        TCP      56711 > 6112 [PSH, ACK] Seq=2143413976 Ack=3124882182 Win=5840 Len=1282
    586 2002-11-29 17:36:26.823360 192.168.100.28        61.219.90.180         TCP      6112 > 56711 [ACK] Seq=3124882182 Ack=2143415258 Win=20438 Len=0
    587 2002-11-29 17:36:37.392645 192.168.100.28        61.219.90.180         TCP      6112 > 56711 [FIN, ACK] Seq=3124882182 Ack=2143415258 Win=24616 Len=0
    588 2002-11-29 17:36:37.642628 61.219.90.180         192.168.100.28        TCP      56712 > ingreslock [SYN] Seq=2153507885 Ack=0 Win=5840 Len=0
    589 2002-11-29 17:36:37.642628 61.219.90.180         192.168.100.28        TCP      56711 > 6112 [ACK] Seq=2143415258 Ack=3124882183 Win=5840 Len=0
    590 2002-11-29 17:36:37.642628 192.168.100.28        61.219.90.180         TCP      ingreslock > 56712 [SYN, ACK] Seq=3127722945 Ack=2153507886 Win=24616 Len=0
    591 2002-11-29 17:36:37.862613 61.219.90.180         192.168.100.28        TCP      56712 > ingreslock [ACK] Seq=2153507886 Ack=3127722946 Win=5840 Len=0
    592 2002-11-29 17:36:37.882611 192.168.100.28        61.219.90.180         TCP      ingreslock > 56712 [PSH, ACK] Seq=3127722946 Ack=2153507886 Win=24616 Len=2
    593 2002-11-29 17:36:37.882611 61.219.90.180         192.168.100.28        TCP      56711 > 6112 [FIN, ACK] Seq=2143415258 Ack=3124882183 Win=5840 Len=0
    594 2002-11-29 17:36:37.882611 192.168.100.28        61.219.90.180         TCP      6112 > 56711 [ACK] Seq=3124882183 Ack=2143415259 Win=24616 Len=0
    595 2002-11-29 17:36:37.972605 61.219.90.180         192.168.100.28        TCP      56712 > ingreslock [PSH, ACK] Seq=2153507886 Ack=3127722946 Win=5840 Len=208
This extract was created with ethereal using display filter frame.number >= 561 && frame.number <= 595.
Last modified: Thu May 22 15:00:53 EEST 2003