Packet from port 80 with spoofed ip

From: Michael Rowe (
Date: 01/29/03

    Date: Wed, 29 Jan 2003 21:46:53 +1100
    From: Michael Rowe <>


    I received a packet on my cable modem today, allegedly from

    18:41:35.663374 > my.cable.modem.ip.1681: S866282571:866282571(0) ack 268566529 win 16384 <mss 1460>

    $ host

    No one was home at this time, and no computer running Windows was
    active, so I'm pretty sure this was not legit traffic (unless it was a
    *very* delayed ack from a Microsoft server, like > 6 hours. I guess
    this is conceivable, given their current, er, issues :).

    Is this some sort of known "attack"? Or just random weirdness?


    Michael Rowe <>
    IM  -                Prof - ACM, IEEE, Computer Soc.
    Web -          Vice - Barley malt, brewed or
    Key -       distilled (hold the ice)