On Wed, 29 Jan 2003 21:46:53 +1100, Michael Rowe <mroweat_private> wrote: >I received a packet on my cable modem today, allegedly from >microsoft.com: > >18:41:35.663374 207.46.249.190.80 > my.cable.modem.ip.1681: +S866282571:866282571(0) ack 268566529 win 16384 <mss 1460> I am seeing theese to, I have a friend an NIPC who says they part of the MS-SQL2 wworm relased on sunday. It's the prelimanry handshake for a ddos network but the packets are out of sync. -- Alvin Krowlekon. CISSP.MCP -- __________________________________________________________ Sign-up for your own FREE Personalized E-mail at Mail.com http://www.mail.com/?sr=signup ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Jan 31 2003 - 11:29:33 PST