Re: Packet from port 80 with spoofed microsoft.com ip

From: zmajd fully (istoleyourmonkeysat_private)
Date: Thu Jan 30 2003 - 15:52:35 PST

Next message: Peter Triller: "Re: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip)"

Previous message: Russell Fulton: "Re: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip)"
Maybe in reply to: Michael Rowe: "Packet from port 80 with spoofed microsoft.com ip"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 29 Jan 2003 21:46:53 +1100,
Michael Rowe <mroweat_private> wrote:
>I received a packet on my cable modem today, allegedly from
>microsoft.com:
>
>18:41:35.663374 207.46.249.190.80 > my.cable.modem.ip.1681:
+S866282571:866282571(0) ack 268566529 win 16384 <mss 1460>

I am seeing theese to, I have a friend an NIPC who says they
part of the MS-SQL2 wworm relased on sunday. It's the prelimanry
handshake for a ddos network but the packets are out of sync.

--
Alvin Krowlekon. CISSP.MCP

-- 
__________________________________________________________
Sign-up for your own FREE Personalized E-mail at Mail.com
http://www.mail.com/?sr=signup


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Peter Triller: "Re: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip)"
Previous message: Russell Fulton: "Re: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip)"
Maybe in reply to: Michael Rowe: "Packet from port 80 with spoofed microsoft.com ip"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jan 31 2003 - 11:29:33 PST