[ACK RST]
GDHough
mr6re9-mI4xJ4qlgtBiLUuM0BA3LQ at public.gmane.org
Wed Dec 17 13:20:41 UTC 2003
I came across some unusual probes from this week past and here are a couple
pieces:
Dec 7 17:58:30 SRC=82.35.107.218 DST=my.ip.addr.249 LEN=48 TOS=0x00 PREC=0x00
TTL=117 ID=1071 DF PROTO=TCP SPT=3227 DPT=1214 WINDOW=16384 RES=0x00 SYN
URGP=0
Dec 12 22:44:22 SRC=67.10.135.201 DST=my.ip.addr.116 LEN=40 TOS=0x00 PREC=0x00
TTL=236 ID=64154 DF PROTO=TCP SPT=2297 DPT=3787 WINDOW=0 RES=0x00 ACK RST
URGP=0
How are they related? That's what I'd like to know. The first packet is part
of a twelve hour probe and the second is one of two ACK RST's a few days
later, hidden in another string of probes.
It looks like KaZaA, but then again it don't. What do ya think it is?
My observations - http://farmer6re9.isa-geek.org/annals/owl/screech.txt ~25k
Sequence Plotted - http://farmer6re9.isa-geek.org/sv2492494.jpg ~74k
Just wondering if anyone else is seeing this...
Peace,
farmer6re9
--
Eating Crow is better with MyCrowSauce
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
More information about the Legacy
mailing list