Educause Security Discussion mailing list archives
Re: Data in SYN Packets
From: "Gibson, Nathan J. (HSC)" <Nathan-Gibson () OUHSC EDU>
Date: Mon, 26 Mar 2007 14:53:02 -0500
It could be that a different O/S could use this information. It may be a packet that could cause malicious attacks on a different platform but your machine sees it as a "corrupt" packet because it carries extra data and drops it. V/R, Nathan J. Gibson, CISSP Information Technology, Information Security Services University of Oklahoma Health Sciences Center Rogers Building, Room 128 Office: (405) 271-2476 Fax: (405) 271-2181 EXT:50270 Cell: (405) 397 5134 http://it.ouhsc.edu/services/infosecurity Confidentiality Notice This e-mail, including any attachments, contains information from the University of Oklahoma Health Sciences Center, which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited. If you have received this e-mail in error, please notify the sender immediately by a "reply to sender only" message and destroy all electronic and hard copies of the communication, including attachments. -----Original Message----- From: Mike Hanson [mailto:MHanson () CSS EDU] Sent: Monday, March 26, 2007 2:25 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Data in SYN Packets Hello, In our IPS log I see the following entry *TCP C2S Ambiguity: Data in SYN Packet* daily directed towards our DNS server. These packets are coming from four or so different addresses in China. I did a brief Google search with results being a few or more years old. A couple of the posts reported the same *Data in SYN Packet* with the originating addresses also from China. Can anybody shed light on this? Thank you very much. Mike Hanson Network Security Manager The College of St. Scholastica Duluth, MN 55811 ( mailto:n () css edu )
Current thread:
- Data in SYN Packets Mike Hanson (Mar 26)
- <Possible follow-ups>
- Re: Data in SYN Packets Justin Klein Keane (Mar 26)
- Re: Data in SYN Packets scott hollatz (Mar 26)
- Re: Data in SYN Packets Gibson, Nathan J. (HSC) (Mar 26)
- Re: Data in SYN Packets Mark Newman (Mar 26)
- Re: Data in SYN Packets Valdis Kletnieks (Mar 26)
- Re: Data in SYN Packets John Kristoff (Mar 27)
- Re: Data in SYN Packets scott hollatz (Mar 27)