Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: securityfocus.com > incidents > 03 > 010487.html (Request Expert securityfocus.com Support)

Packet from port 80 with spoofed microsoft.com ip

From: Michael Rowe <mrowe(at)mojain.com>
Date: Wed Jan 29 2003 - 05:46:53 EST


Hi,

I received a packet on my cable modem today, allegedly from microsoft.com:

18:41:35.663374 207.46.249.190.80 > my.cable.modem.ip.1681: S866282571:866282571(0) ack 268566529 win 16384 <mss 1460>

$ host 207.46.249.190
Name: www.domestic.microsoft.com
Address: 207.46.249.190
Aliases: microsoft.com microsoft.net www.us.microsoft.com

No one was home at this time, and no computer running windows was active, so I'm pretty sure this was not legit traffic (unless it was a *very* delayed ack from a microsoft server, like > 6 hours. I guess this is conceivable, given their current, er, issues :).

Is this some sort of known "attack"? Or just random weiredness?

Cheers, 

-- 
Michael Rowe 

IM  - mrowe@jabber.org                Prof - ACM, IEEE, Computer Soc.
Web - 
http://www.mojain.com/          Vice - Barley malt, brewed or
Key - 
http://mojain.com/keys/mrowe.asc       distilled (hold the ice)


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: 
http://aris.securityfocus.com
Received on Wed Jan 29 11:51:04 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:56 EDT

Do you need help?X
Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library