pb,

> It's not like there's a standard signature... ACK FIN URG set or something. Some have two flags, some have three, some have all six, some have none. It really seems like someone is manipulating these packets.

It sure does seem that way; in fact, I noticed in some of your output that the header size was 0. Now we all know that's a sure impossibility. Pix won't pass anything from a high -> low interface without a bare SYN on it 1st anyways, so we can bet it's not going to get anywhere.

Mirror a port and throw a sniffer there and monitor the port in question. If you find the garbage is truly garbage, and Pix is reporting correctly, trace it back to the user.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri May 10 2002 - 10:58:09 PDT
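
For checking frames captured on the mirrored port, a header sanity check along these lines separates "truly garbage" segments from ordinary traffic. This is an added example, not part of the original post; the function names, the rule set (a common sanity checklist, not the PIX's own logic) and the sample headers are assumptions constructed for illustration.

```python
import struct

# TCP flag bits in byte 13 of the header (RFC 793).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def check_tcp_header(segment: bytes) -> list:
    """Return the reasons a raw TCP header cannot come from a normal stack."""
    if len(segment) < 20:
        return ["truncated: fewer than 20 header bytes captured"]
    # Byte 12 carries the data offset in its high nibble, byte 13 the flags.
    off_byte, flag_byte = struct.unpack("!BB", segment[12:14])
    problems = []
    header_len = (off_byte >> 4) * 4  # offset is counted in 32-bit words
    if header_len < 20:
        problems.append(f"header length {header_len} is below the 20-byte minimum")
    flags = flag_byte & 0x3F
    if flags == 0:
        problems.append("no flags set")
    if flags & SYN and flags & (FIN | RST):
        problems.append("SYN combined with FIN or RST")
    if flags & (FIN | PSH | URG) and not flags & ACK:
        problems.append("FIN, PSH or URG without ACK")
    return problems


def build_header(offset_words: int, flags: int) -> bytes:
    """Constructed 20-byte sample header; ports, seq and window are arbitrary."""
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0,
                       offset_words << 4, flags, 8192, 0, 0)


if __name__ == "__main__":
    samples = {
        "bare SYN": build_header(5, SYN),
        "header size 0, no flags": build_header(0, 0),
        "all six flags": build_header(5, 0x3F),
        "ACK FIN URG": build_header(5, ACK | FIN | URG),
    }
    for name, seg in samples.items():
        print(f"{name}: {check_tcp_header(seg) or 'ok'}")
```

A segment that fails the length check matches the "header size was 0" observation; one that passes every check but still shows up in the firewall log points at the reporting rather than the sender.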