Hi, I received a packet on my cable modem today, allegedly from microsoft.com: 18:41:35.663374 207.46.249.190.80 > my.cable.modem.ip.1681: S866282571:866282571(0) ack 268566529 win 16384 <mss 1460> $ host 207.46.249.190 Name: www.domestic.microsoft.com Address: 207.46.249.190 Aliases: microsoft.com microsoft.net www.us.microsoft.com No one was home at this time, and no computer running windows was active, so I'm pretty sure this was not legit traffic (unless it was a *very* delayed ack from a microsoft server, like > 6 hours. I guess this is conceivable, given their current, er, issues :). Is this some sort of known "attack"? Or just random weiredness? Cheers, -- Michael Rowe <mroweat_private> IM - mroweat_private Prof - ACM, IEEE, Computer Soc. Web - http://www.mojain.com/ Vice - Barley malt, brewed or Key - http://mojain.com/keys/mrowe.asc distilled (hold the ice) ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Jan 29 2003 - 08:50:35 PST