Re: netpay.tv connections

From: Harlan Carvey (keydet89_at_yahoo.com)
Date: 01/05/04

Next message: Moody, Chris: "RE: flood of SYN packets to port 110"

Previous message: Dave: "netpay.tv connections"
In reply to: Dave: "netpay.tv connections"
Next in thread: Jeremiah Cornelius: "Re: netpay.tv connections"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 5 Jan 2004 07:48:32 -0800 (PST)
To: Dave <bugtraq@neuromancer.cx>, incidents@securityfocus.com

Dave,

Is Neuromancer (ah, a fan of Gibson) running a web
server?

Is Neurmancer running anything on port 80?

Since these are all SYN packets that are being dropped
anyway...what's your concern? I mean, have you tried
pinging or scanning the source system to see if it
exists, rather than speculating that it might be
spoofed? You say that the site does not appear to be
online, but what does that mean? Do pings fail? ICMP
could be blocked.

--- Dave <bugtraq@neuromancer.cx> wrote:
>
> For at least the past 36 hours I've been getting
> connectons from netpay.
> I'm not sure if they are spoofed or not. The site
> doesnt appear to be
> online. Anyone else seeing this?
>
> here is a snip of tcpdump. I'm dropping the packets
> now though.
> 16:26:04.384446 netpay.tv.50971 > neuromancer.http:
> S
> 2510312004:2510312004(0) win 32120 <mss
> 1460,sackOK,timestamp 1054041
> 1342177280,nop,wscale 0> (DF)
> 16:26:23.879499 netpay.tv.10914 > neuromancer.http:
> S
> 145676099:145676099(0) win 32120 <mss
> 1460,sackOK,timestamp 7689247
> 1073741824,nop,wscale 0> (DF)
> 16:26:43.380204 netpay.tv.27754 > neuromancer.http:
> S
> 3896401425:3896401425(0) win 32120 <mss
> 1460,sackOK,timestamp 3454532
> 2130706432,nop,wscale 0> (DF)
> 16:27:03.943005 netpay.tv.3174 > neuromancer.http: S
> 1901546852:1901546852(0) win 32120 <mss
> 1460,sackOK,timestamp 2582705
> 2113929216,nop,wscale 0> (DF
>
>
---------------------------------------------------------------------------
>
----------------------------------------------------------------------------
>

---------------------------------------------------------------------------
----------------------------------------------------------------------------

Next message: Moody, Chris: "RE: flood of SYN packets to port 110"

Previous message: Dave: "netpay.tv connections"
In reply to: Dave: "netpay.tv connections"
Next in thread: Jeremiah Cornelius: "Re: netpay.tv connections"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]