Hosting Provided By

Re: Packet from port 80 with spoofed microsoft.com ip

From: Michael Rowe <mrowe(at)mojain.com>
Date: Thu Jan 30 2003 - 06:22:05 EST

On 03/01/29 14:11 -0600, NESTING, DAVID M (SBCSI) wrote:
> Are you SURE nothing on your end would have attempted to initiate a

Yeah, turned off.

On balance, it seems like the mostly likely explaination is my IP being used in a spoofed SYN attack. A distant second: the MS web server sending a wildly delayed ack to a legitimate connection.

Thanks for the responses!

-- 
Michael Rowe 

IM  - mrowe@jabber.org                Prof - ACM, IEEE, Computer Soc.
Web - 
http://www.mojain.com/          Vice - Barley malt, brewed or
Key - 
http://mojain.com/keys/mrowe.asc       distilled (hold the ice)


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: 
http://aris.securityfocus.com

Received on Thu Jan 30 14:03:35 2003

This message: [ Message body ]
Next message: David Hickman: "Re: Firewall logging port 6346"
Previous message: Michael Rowe: "Re: Packet from port 80 with spoofed microsoft.com ip"
In reply to NESTING, DAVID M (SBCSI): "RE: Packet from port 80 with spoofed microsoft.com ip"
Reply: Larsen, Colin: "RE: Packet from port 80 with spoofed microsoft.com ip"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:56 EDT