Re: Ok, who's having a laugh? 127.0.0.1 tried to hack me!
From: BerkHolz, Steven (SB-nospam-_at_tescogroup.com)
Date: 09/09/03
- Next message: Jason: "Re: Thanks All"
- Previous message: Frode: "Re: Thanks All"
- In reply to: Dave Korn: "Ok, who's having a laugh? 127.0.0.1 tried to hack me!"
- Next in thread: Bruce Porter: "Re: Ok, who's having a laugh? 127.0.0.1 tried to hack me!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 9 Sep 2003 08:14:41 -0400
You should block all private IPs at your border router.
Steven BerkHolz
"Dave Korn" <no.spam@my.mailbox.invalid> wrote in message
news:0h47b.4387$Ve3.1503@newsfep4-winn.server.ntli.net...
>
> I just received a couple of very strange packets. Came in over the wire
> from my ISP's UBR with the correct MAC addresses, it's definitely a
spoofed
> packet; TTL suggests it most likely came from 9 hops away, which is
probably
> still within my ISP's borders.
>
> Anyone else seen anything like this recently ?
>
> Frame 31 (60 on wire, 60 captured)
> Ethernet II
> Internet Protocol, Src Addr: 127.0.0.1 (127.0.0.1), Dst Addr: 80.1.204.18
> (80.1.204.18)
> Version: 4
> Header length: 20 bytes
> Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
> Total Length: 40
> Identification: 0x8c7b
> Flags: 0x00
> Fragment offset: 0
> Time to live: 119
> Protocol: TCP (0x06)
> Header checksum: 0x1c40 (correct)
> Source: 127.0.0.1 (127.0.0.1)
> Destination: 80.1.204.18 (80.1.204.18)
> Transmission Control Protocol, Src Port: 80 (80), Dst Port: 1380 (1380),
> Seq: 0, Ack: 938672129
> Source port: 80 (80)
> Destination port: 1380 (1380)
> Sequence number: 0
> Acknowledgement number: 938672129
> Header length: 20 bytes
> Flags: 0x0014 (RST, ACK)
> Window size: 0
> Checksum: 0xd713 (correct)
>
> 0000 ** ** ** ** ** ** ** ** ** ** ** ** 08 00 45 00 ..............E.
> 0010 00 28 8c 7b 00 00 77 06 1c 40 7f 00 00 01 50 01 .(.{..w..@....P.
> 0020 cc 12 00 50 05 64 00 00 00 00 37 f3 00 01 50 14 ...P.d....7...P.
> 0030 00 00 d7 13 00 00 00 00 00 00 00 00 ............
>
> Frame 32 (60 on wire, 60 captured)
> Ethernet II
> Internet Protocol, Src Addr: 127.0.0.1 (127.0.0.1), Dst Addr: 80.1.204.18
> (80.1.204.18)
> Version: 4
> Header length: 20 bytes
> Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
> Total Length: 40
> Identification: 0x8fe9
> Flags: 0x00
> Fragment offset: 0
> Time to live: 119
> Protocol: TCP (0x06)
> Header checksum: 0x18d2 (correct)
> Source: 127.0.0.1 (127.0.0.1)
> Destination: 80.1.204.18 (80.1.204.18)
> Transmission Control Protocol, Src Port: 80 (80), Dst Port: 1876 (1876),
> Seq: 0, Ack: 2001993729
> Source port: 80 (80)
> Destination port: 1876 (1876)
> Sequence number: 0
> Acknowledgement number: 2001993729
> Header length: 20 bytes
> Flags: 0x0014 (RST, ACK)
> Window size: 0
> Checksum: 0x95c2 (correct)
>
> 0000 ** ** ** ** ** ** ** ** ** ** ** ** 08 00 45 00 ..............E.
> 0010 00 28 8f e9 00 00 77 06 18 d2 7f 00 00 01 50 01 .(....w.......P.
> 0020 cc 12 00 50 07 54 00 00 00 00 77 54 00 01 50 14 ...P.T....wT..P.
> 0030 00 00 95 c2 00 00 00 00 00 00 00 00 ............
>
>
> DaveK
> --
> moderator of
> alt.talk.rec.soc.biz.news.comp.humanities.meow.misc.moderated.meow
> Burn your ID card! http://www.optional-identity.org.uk/
> Help support the campaign, copy this into your .sig!
> Proud Member of the Exclusive "I have been plonked by Davee because he
> thinks I'm interesting" List Member #<insert number here>
> Master of Many Meowing Minions
> Holder of the exhalted PF Chang's Crab Wonton Award for kook spankage
above
> and beyond the call of hilarity.
> PGP Key-ID: 0x0FB504D1 Fingerprint 04B7 2E8C 0245 680E 6484 C441 CEC7
D2BD
>
>
>
- Next message: Jason: "Re: Thanks All"
- Previous message: Frode: "Re: Thanks All"
- In reply to: Dave Korn: "Ok, who's having a laugh? 127.0.0.1 tried to hack me!"
- Next in thread: Bruce Porter: "Re: Ok, who's having a laugh? 127.0.0.1 tried to hack me!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
