Re: What's going on here?

From: wykkydat_private
Date: Mon Aug 26 2002 - 13:24:22 PDT

    In-Reply-To: <C2DC75EEA405354AA9C03EF5CB8CDE080AC912at_private>
    
    >> 
    >> FWIN,2002/08/23,18:47:42 -4:00 GMT,10.60.1.102:80,xxx.xx.96.7:9176,TCP (flags:S)
    >> FWIN,2002/08/23,18:47:42 -4:00 GMT,10.10.2.105:80,xxx.xx.96.7:13682,TCP (flags:S)
    >
    >Someone is scanning a victim that's in reserved address-space,
    >giving your address as decoy.
    >
    >see:
    >http://www.rootshell.be/~helevius/nid_3pe_v101.pdf
    >
    >Regards,
    >Yonatan.
    >
    
    No, if that was the case, they would have been SYN-ACK (or RST) packets, 
    which they are not indicated as being.
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
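
The flag check argued in the reply above, as an added example that is not part of the original thread: it parses log lines in the quoted format and separates bare SYNs from the SYN-ACK/RST replies that a spoofed scan would send back. The field layout, the flag letters `AS` and `AR`, and the names `classify` and `SAMPLES` are assumptions; the last two sample lines are constructed.

```python
import ipaddress
import re

# Assumed layout, inferred from the two quoted lines:
# FWIN,<date>,<time tz>,<src>:<port>,<dst>:<port>,TCP (flags:<letters>)
LINE_RE = re.compile(
    r"^FWIN,(?P<date>[^,]+),(?P<time>[^,]+),"
    r"(?P<src>[^,:]+):(?P<sport>\d+),(?P<dst>[^,:]+):(?P<dport>\d+),"
    r"TCP \(flags:(?P<flags>[A-Z]+)\)$"
)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(line):
    """Return a dict describing one inbound TCP log line, or None if unparsed."""
    m = LINE_RE.match(" ".join(line.split()))  # collapse mail-wrapped whitespace
    if m is None:
        return None
    flags = set(m["flags"])
    if "R" in flags or {"S", "A"} <= flags:
        kind = "reply"      # SYN-ACK or RST: answer to a SYN someone else sent
    elif flags == {"S"}:
        kind = "syn"        # bare SYN: a connection attempt, not an answer
    else:
        kind = "other"
    try:
        addr = ipaddress.ip_address(m["src"])
        private = any(addr in net for net in RFC1918)
    except ValueError:      # masked address such as xxx.xx.96.7
        private = None
    return {"src": m["src"], "sport": int(m["sport"]), "kind": kind,
            "rfc1918_src": private}

SAMPLES = [
    # The two lines quoted in the thread, re-joined.
    "FWIN,2002/08/23,18:47:42 -4:00 GMT,10.60.1.102:80,xxx.xx.96.7:9176,TCP (flags:S)",
    "FWIN,2002/08/23,18:47:42 -4:00 GMT,10.10.2.105:80,xxx.xx.96.7:13682,TCP (flags:S)",
    # Constructed lines: what replies to a spoofed scan could look like.
    "FWIN,2002/08/23,18:47:43 -4:00 GMT,192.0.2.10:80,xxx.xx.96.7:9177,TCP (flags:AS)",
    "FWIN,2002/08/23,18:47:43 -4:00 GMT,192.0.2.11:80,xxx.xx.96.7:9178,TCP (flags:AR)",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample))
```
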
    



    This archive was generated by hypermail 2b30 : Mon Aug 26 2002 - 14:26:32 PDT