On Wed, 29 Jan 2003 21:46:53 +1100, Michael Rowe <mroweat_private> wrote: >I received a packet on my cable modem today, allegedly from >microsoft.com: > >18:41:35.663374 207.46.249.190.80 > my.cable.modem.ip.1681: S866282571:866282571(0) ack 268566529 win 16384 <mss 1460> I am seeing a lot of sync/ack packets from port 80 to non-existent addresses on my networks. Somebody is spoofing source addresses to attack hosts, we are just innocent victims. When will ISPs learn that they should filter their customer's packets to prevent spoofing? I am even seeing syn/ack packets from 255.255.255.255:80! ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Jan 30 2003 - 09:31:38 PST