Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: securityfocus.com > incidents > 03 > 010519.html (Request Expert securityfocus.com Support)

Re: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip)

From: Russell Fulton <r.fulton(at)auckland.ac.nz>
Date: Thu Jan 30 2003 - 18:45:29 EST

On Fri, 2003-01-31 at 07:03, Tomasz Papszun wrote:
>
> Similarly at my networks.

We are also seeing these, tcp flags are RST+ACK seq number and window size both zero and varying Ack and ttl. Not all addresses in our net are being hit, in one /24 I checked only two addresses have been probed. 

-- 
Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand

"It aint necessarily so"  - Gershwin


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: 
http://aris.securityfocus.com
Received on Fri Jan 31 14:30:42 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:56 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library