> On Wed, 29 Jan 2003 21:46:53 +1100,
> Michael Rowe <mroweat_private> wrote:
> >I received a packet on my cable modem today, allegedly from
> >microsoft.com:
> >
> >18:41:35.663374 207.46.249.190.80 > my.cable.modem.ip.1681:
> +S866282571:866282571(0) ack 268566529 win 16384 <mss 1460>
>
> I am seeing these too, I have a friend at NIPC who says they are
> part of the MS-SQL2 worm released on Sunday. It's the preliminary
> handshake for a ddos network but the packets are out of sync.
>

Hello there Alvin,

Do you know if these packets will affect other operating systems than Microsoft? Is this only if MSDN is installed? If the DDOS network is being constructed in this fashion then there could be problems with lots of non-patched other systems and also Microsoft. It is very subtle and hard to detect without closely monitoring your intrusion logs.

Thank you for talking to your friend in NIPC as he must be very busy at this time!!! I am sure other readers appreciate this too.

Hulio Cortez CCNA

> --
> Alvin Krowlekon. CISSP.MCP
> --
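One way to go through capture logs for SYN-ACKs like the one quoted in the thread and check whether each answers a SYN the local host actually sent (an added example, not part of either post). The local address 192.0.2.10 stands in for `my.cable.modem.ip`, every sample line except the 207.46.249.190 one is constructed, and the `+` wrap marker in the quoted line is read as a space.

```python
import re

# Old-style tcpdump TCP line, as quoted in the thread:
#   time src.port > dst.port: flags seq:seq(len) [ack N] win W <opts>
LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+"
    r"(?P<src>\S+)\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\S+)\.(?P<dport>\d+):\s+"
    r"(?P<flags>[SFPRWE.]+)\s*(?P<seq>\d+):\d+\(\d+\)"
    r"(?:\s+ack\s+(?P<ack>\d+))?"
)

def unsolicited_synacks(lines, local_ip):
    """Return (ts, remote, reason) for inbound SYN-ACKs with no matching outbound SYN."""
    pending = {}   # (local_port, remote_ip, remote_port) -> ISN of our SYN
    findings = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m or "S" not in m["flags"]:
            continue                      # not a SYN or SYN-ACK
        if m["ack"] is None:              # plain SYN: remember ours
            if m["src"] == local_ip:
                pending[(m["sport"], m["dst"], m["dport"])] = int(m["seq"])
            continue
        if m["dst"] != local_ip:          # SYN-ACK we sent, not received
            continue
        key = (m["dport"], m["src"], m["sport"])
        remote = f'{m["src"]}:{m["sport"]}'
        if key not in pending:
            findings.append((m["ts"], remote, "no outbound SYN seen"))
        elif int(m["ack"]) != (pending[key] + 1) % 2**32:
            findings.append((m["ts"], remote, "ack does not match our ISN"))
    return findings

LOCAL_IP = "192.0.2.10"  # constructed placeholder for my.cable.modem.ip
SAMPLE = [  # constructed, except the 207.46.249.190 line taken from the thread
    "18:40:02.100000 192.0.2.10.1650 > 198.51.100.7.80: S 1000:1000(0) win 8192 <mss 1460>",
    "18:40:02.150000 198.51.100.7.80 > 192.0.2.10.1650: S 5000:5000(0) ack 1001 win 16384 <mss 1460>",
    "18:41:35.663374 207.46.249.190.80 > 192.0.2.10.1681: S 866282571:866282571(0) ack 268566529 win 16384 <mss 1460>",
    "18:42:10.000000 192.0.2.10.1651 > 198.51.100.7.80: S 2000:2000(0) win 8192 <mss 1460>",
    "18:42:10.050000 198.51.100.7.80 > 192.0.2.10.1651: S 7000:7000(0) ack 9999 win 16384 <mss 1460>",
]

if __name__ == "__main__":
    for finding in unsolicited_synacks(SAMPLE, LOCAL_IP):
        print(*finding)
```

The check is only as good as the capture: if the log starts after the host's own SYN went out, a legitimate SYN-ACK will be reported as having no outbound SYN.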
This archive was generated by hypermail 2b30 : Sun Feb 02 2003 - 08:36:10 PST