
Re: Packet from port 80 with spoofed microsoft.com ip

From: Thiago Conde Figueiró <thiago.figueiro(at)ciphertech.com.br>
Date: Wed Jan 29 2003 - 12:12:01 EST

On Wed, 29 Jan 2003 21:46:53 +1100
Michael Rowe <mrowe@mojain.com> wrote:

MR> I received a packet on my cable modem today, allegedly from
MR> microsoft.com:
(snip)

MR> $ host 207.46.249.190
MR> Name: www.domestic.microsoft.com
MR> Address: 207.46.249.190
MR> Aliases: microsoft.com microsoft.net www.us.microsoft.com

	One should not trust reverse DNS for identification.  The
administrator for 249.46.207.in-addr.arpa could spoof that response.

        I'm not saying the packet didn't come from there, as I didn't bother checking. But that verification should be done with the proper authority (whois @internic.net, perhaps?).

MR> Is this some sort of known "attack"? Or just random weirdness?

        I see no known pattern, but that could be explained, as you said, by several random activities. For example, someone could have spoofed a SYN with your IP as source. Let's see what other people have to say. :)

Regards,

-- 
Thiago Figueiró
Infrastructure
Cipher Technology
www.ciphertech.com.br
_______________________________________________
"IT Security - A Cipher Technology specialty"

disclaimer: the opinions in this message are my own and do not represent
my employer's view.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Received on Wed Jan 29 18:34:29 2003
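
An added example (not part of the original message): a forward-confirmed reverse DNS check, which resolves each PTR name forward and accepts it only if it maps back to the same address. The sample tables, and every name and address in them, are constructed for illustration.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip; this answer is controlled by whoever runs the in-addr.arpa zone."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name] + aliases

def system_forward(name):
    """Addresses for name; this answer is controlled by the owner of the name's zone."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def fcrdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (confirmed, unconfirmed) PTR names for ip.

    A name is confirmed only if its forward lookup contains ip, i.e. the
    owner of the name agrees with the claim made by the reverse zone.
    """
    target = ipaddress.ip_address(ip)
    confirmed, unconfirmed = [], []
    for name in ptr_lookup(ip):
        name = name.rstrip(".").lower()
        addrs = set()
        for addr in forward_lookup(name):
            try:
                addrs.add(ipaddress.ip_address(addr))
            except ValueError:
                continue  # skip anything that is not a plain address
        (confirmed if target in addrs else unconfirmed).append(name)
    return confirmed, unconfirmed

# Constructed sample data: 198.51.100.7's reverse zone claims a name it does not own.
SAMPLE_PTR = {"192.0.2.10": ["WWW.example.com."], "198.51.100.7": ["www.example.com"]}
SAMPLE_FWD = {"www.example.com": ["192.0.2.10"]}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_forward(name):
    return SAMPLE_FWD.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        print(ip, fcrdns(ip, sample_ptr, sample_forward))
```

A confirmed name only shows that the reverse and forward zones agree; it says nothing about whether the source address on the packet itself was forged.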

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:56 EDT
