Re: What's going on here?

From: wykkydat_private
Date: Mon Aug 26 2002 - 13:24:22 PDT

  • Next message: Russell Fulton: "RE: What's going on here?"

     ('binary' encoding is not supported, stored as-is)
    In-Reply-To: <C2DC75EEA405354AA9C03EF5CB8CDE080AC912at_private>
    >> FWIN,2002/08/23,18:47:42 -4:00 
    >> GMT,,xxx.xx.96.7:9176,TCP (flags:S)
    >> FWIN,2002/08/23,18:47:42 -4:00 
    >> GMT,,xxx.xx.96.7:13682,TCP (flags:S)
    >Someone is scanning a victim that's in reserved address-space,
    >giving your address as decoy.
    No, if that was the case, they would have been SYN-ACK (or RST) packets, 
    which they are not indicated as being.
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:

    This archive was generated by hypermail 2b30 : Mon Aug 26 2002 - 14:26:32 PDT