|
|
| Applications |
| Mailing Lists |
| Miscellaneous |
| Operating Systems |
| Programming |
Re: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip)
Date: Thu Jan 30 2003 - 16:12:30 EST
Tomasz Papszun wrote:
I noticed these too. Mine have the Ack and Reset bits set. Varying TTL and ACK numbers. Started Jan 29 around 1500 EST. Coming in every few seconds.
I haven't found anything going out that would cause it.
Some kind of back scatter?
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
01/30-14:34:56.589287 255.255.255.255:80 -> InternalAddress:14236 TCP TTL:238 TOS:0x0 ID:35439 IpLen:20 DgmLen:40 ***A*R** Seq: 0x0 Ack: 0x231F0001 Win: 0x0 TcpLen: 20 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
01/30-14:35:07.893039 255.255.255.255:80 -> InternalAddress:27089 TCP TTL:239 TOS:0x0 ID:56658 IpLen:20 DgmLen:40 ***A*R** Seq: 0x0 Ack: 0x3B750001 Win: 0x0 TcpLen: 20 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
01/30-14:35:09.084256 255.255.255.255:80 -> InternalAddress:30686 TCP TTL:240 TOS:0x0 ID:44866 IpLen:20 DgmLen:40 ***A*R** Seq: 0x0 Ack: 0x41A60001 Win: 0x0 TcpLen: 20 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
01/30-14:35:16.911968 255.255.255.255:80 -> InternalAddress:28140 TCP TTL:243 TOS:0x0 ID:53522 IpLen:20 DgmLen:40 ***A*R** Seq: 0x0 Ack: 0x78E20001 Win: 0x0 TcpLen: 20
-- Gary Flynn Security Engineer - Technical Services James Madison University ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.comReceived on Fri Jan 31 14:34:21 2003
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:56 EDT
|
Contact Us Legal Notices Order Services Online Pantek Home Privacy Policy IT news Site Map Pantek Library |