On Fri, 2003-01-31 at 07:03, Tomasz Papszun wrote: > > Similarly at my networks. > Yesterday evening (Jan 29 21:10 GMT+1) a very noticeable stream of such > packets started to come into my networks. > > All are TCP, from 255.255.255.255(80), destined to various random > addresses (even not used) to various port numbers. > > This appearance is very noticeable. Before yesterday, single packets > from 255.255.255.255 were coming in rate about one for three weeks. > Since yesterday there have been about 1680 for 22 hours. We are also seeing these, tcp flags are RST+ACK seq number and window size both zero and varying Ack and ttl. Not all addresses in our net are being hit, in one /24 I checked only two addresses have been probed. -- Russell Fulton, Computer and Network Security Officer The University of Auckland, New Zealand "It aint necessarily so" - Gershwin ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Jan 31 2003 - 11:27:15 PST