How does an ACK packet constitute an "attack"? Did you run netstat on your system to view the states of connections on that system? How did you determine that the packet had been spoofed? --- Michael Rowe <mroweat_private> wrote: > Hi, > > I received a packet on my cable modem today, > allegedly from > microsoft.com: > > 18:41:35.663374 207.46.249.190.80 > > my.cable.modem.ip.1681: S866282571:866282571(0) ack > 268566529 win 16384 <mss 1460> > > $ host 207.46.249.190 > Name: www.domestic.microsoft.com > Address: 207.46.249.190 > Aliases: microsoft.com microsoft.net > www.us.microsoft.com > > No one was home at this time, and no computer > running windows was > active, so I'm pretty sure this was not legit > traffic (unless it was a > *very* delayed ack from a microsoft server, like > 6 > hours. I guess > this is conceivable, given their current, er, issues > :). > > Is this some sort of known "attack"? Or just random > weiredness? > > Cheers, > > -- > Michael Rowe <mroweat_private> > > IM - mroweat_private Prof - ACM, > IEEE, Computer Soc. > Web - http://www.mojain.com/ Vice - Barley > malt, brewed or > Key - http://mojain.com/keys/mrowe.asc > distilled (hold the ice) > > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS > analyzer service. > For more information on this free incident handling, > management > and tracking system please see: > http://aris.securityfocus.com > __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Jan 29 2003 - 15:26:03 PST