Hi all, after setting the snort rules for nimda to pass I enjoyed the sudden silence screaming through my network. But then I find this more philosophical entries in the logs: Occuring from 4 ascending source ports: 62249 - 62252 All within in the same second. First: 127.0.0.1 -> 62.208.xx.xx:80 ACK no payload Then: 127.0.0.1 -> 62.208.xx.xx:80 RST payload 'tcp_lift_anchor, can't wait' The destination is not within my jurisdiction but is on the same net as the sensor. Don't know what that is or were it really came from. Only thing I know is that it seems to be in a real hurry :) CU Sven ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Sep 20 2001 - 07:43:15 PDT