Hosting Provided By

Re: Packet from port 80 with spoofed microsoft.com ip

From: Michael Rowe <mrowe(at)mojain.com>
Date: Thu Jan 30 2003 - 06:19:25 EST

On 03/01/29 12:01 -0800, H C wrote:
> How does an ACK packet constitute an "attack"?

Yes, I was using the term loosely...

> Did you run netstat on your system to view the states

I wasn't at home at the time, so no. But I'm pretty sure none of my linux machines would be autonomously opening connections to microsoft.com... :)

> How did you determine that the packet had been

Pure speculation!

-- 
Michael Rowe 

IM  - mrowe@jabber.org                Prof - ACM, IEEE, Computer Soc.
Web - 
http://www.mojain.com/          Vice - Barley malt, brewed or
Key - 
http://mojain.com/keys/mrowe.asc       distilled (hold the ice)


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: 
http://aris.securityfocus.com

Received on Thu Jan 30 13:27:07 2003

This message: [ Message body ]
Next message: dr john halewood: "Re: Packet from port 80 with spoofed microsoft.com ip"
Previous message: Rich Puhek: "Re: Packet from port 80 with spoofed microsoft.com ip"
In reply to H C: "Re: Packet from port 80 with spoofed microsoft.com ip"
Next in thread: Kurt Seifried: "Re: Packet from port 80 with spoofed microsoft.com ip"
Reply: Kurt Seifried: "Re: Packet from port 80 with spoofed microsoft.com ip"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:56 EDT

Do you need help?