Hosting Provided By

Re: Packet from port 80 with spoofed microsoft.com ip

From: zmajd fully <istoleyourmonkeys(at)hairdresser.net>
Date: Thu Jan 30 2003 - 18:52:35 EST

On Wed, 29 Jan 2003 21:46:53 +1100,
Michael Rowe <mrowe@mojain.com> wrote:
>I received a packet on my cable modem today, allegedly from
>microsoft.com:
>
>18:41:35.663374 207.46.249.190.80 > my.cable.modem.ip.1681:
+S866282571:866282571(0) ack 268566529 win 16384 <mss 1460>

I am seeing theese to, I have a friend an NIPC who says they part of the MS-SQL2 wworm relased on sunday. It's the prelimanry handshake for a ddos network but the packets are out of sync.

--
Alvin Krowlekon. CISSP.MCP

-- 
__________________________________________________________
Sign-up for your own FREE Personalized E-mail at Mail.com
http://www.mail.com/?sr=signup


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: 
http://aris.securityfocus.com

Received on Fri Jan 31 14:29:46 2003

This message: [ Message body ]
Next message: Russell Fulton: "Re: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip)"
Previous message: Larsen, Colin: "RE: Packet from port 80 with spoofed microsoft.com ip"
Maybe in reply to: Michael Rowe: "Packet from port 80 with spoofed microsoft.com ip"
Reply: Hulio Cortez: "Re: Packet from port 80 with spoofed microsoft.com ip"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:56 EDT