|
|
| Applications |
| Mailing Lists |
| Miscellaneous |
| Operating Systems |
| Programming |
Re: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip)
From: Peter Triller <ptriller(at)xebec.de>
Date: Thu Jan 30 2003 - 21:01:49 EST
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Fri Jan 31 14:32:11 2003
Date: Thu Jan 30 2003 - 21:01:49 EST
>I am seeing a lot of sync/ack packets from port 80 to non-existent
>they should filter their customer's packets to prevent spoofing? I am
> even seeing syn/ack packets from 255.255.255.255:80!
I cant see much reason in such packets, since they wont give any feedback. sport 80 is obviously to bypass some firewalls. But if he doesnt get feedback only 2 reasons pop into mind: - an attack similar to the worm , but the random ports don't make sense then - a very badly configured and/or broken piece of software/hadware.
Peter
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Fri Jan 31 14:32:11 2003
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:56 EDT
|
Contact Us Legal Notices Order Services Online Pantek Home Privacy Policy IT news Site Map Pantek Library |