ENOSIG Discussie (threads)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Weird packet

Subject: Re: Weird packet
From: Lionel Elie Mamane <lionel@xxxxxxxxx>
Date: Wed, 20 Mar 2002 13:00:51 +0100

On Wed, Mar 20, 2002 at 10:59:27AM +0100, Joost van Baal wrote:

>> Has anyone any idea why a machine get such a packet?

>> Packet log: input *ACTION* *iface* PROTO=6 207.46.197.102:65535 *my_machine_ip*:65535 L=756 S=0x00 I=33890 F=0x005D T=51 (#20)

>> whois 207.46.197.102
>> Microsoft (NETBLK-MICROSOFT-GLOBAL-NET)

> Perhaps the source address is spoofed?

I fail to see what the sender would gain... An RST storm on
Microsoft's web server? Come on...There are much more efficient DOS
attacks...

> Or it's some Microsoft automatic software update thingie?

Well... might be.... But this is a SYN packet... It seems really
strange to me they would use such a method, where their machine makes
a connection to the client's machine...

> Machine 207.46.197.102 is unreachable now, btw.

You mean by ping? This is "normal", Microsoft's web server haven't
been responding to ping's for years. There is a web server running and
responding on it, though.

I have half a mind to run tcpdump and look at these packets more
closely...

Gerelateerd:

Weird packet, Lionel Elie Mamane <lionel@xxxxxxxxx>, 2002/03/20
Re: Weird packet, Joost van Baal <joostvb@xxxxxxx>, 2002/03/20

Prev by Date: Re: Weird packet
Next by Date: Re: wireless ?
Previous by thread: Re: Weird packet
Next by thread: 2 events

[ Date Index] [ Thread Index]