Re: Packet from port 80 with spoofed microsoft.com ip
From: Michael Rowe (mrowe@mojain.com)
Date: 01/30/03
- Previous message: Michael Rowe: "Re: Packet from port 80 with spoofed microsoft.com ip"
- In reply to: NESTING, DAVID M (SBCSI): "RE: Packet from port 80 with spoofed microsoft.com ip"
- Next in thread: Keith Owens: "Re: Packet from port 80 with spoofed microsoft.com ip"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 30 Jan 2003 22:22:05 +1100 From: Michael Rowe <mrowe@mojain.com> To: incidents@securityfocus.com
On 03/01/29 14:11 -0600, NESTING, DAVID M (SBCSI) wrote:
> Are you SURE nothing on your end would have attempted to initiate a
> connection to this site? When you say your Windows computers weren't
> "active", did you mean they were physically powered off, or just idle?
Yeah, turned off.
On balance, it seems like the mostly likely explaination is my IP
being used in a spoofed SYN attack. A distant second: the MS web
server sending a wildly delayed ack to a legitimate connection.
Thanks for the responses!
-- Michael Rowe <mrowe@mojain.com> IM - mrowe@jabber.org Prof - ACM, IEEE, Computer Soc. Web - http://www.mojain.com/ Vice - Barley malt, brewed or Key - http://mojain.com/keys/mrowe.asc distilled (hold the ice) ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
- Next message: David Hickman: "Re: Firewall logging port 6346"
- Previous message: Michael Rowe: "Re: Packet from port 80 with spoofed microsoft.com ip"
- In reply to: NESTING, DAVID M (SBCSI): "RE: Packet from port 80 with spoofed microsoft.com ip"
- Next in thread: Keith Owens: "Re: Packet from port 80 with spoofed microsoft.com ip"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
