Educause Security Discussion mailing list archives

Re: Data in SYN Packets


From: John Kristoff <jtk () DEPAUL EDU>
Date: Tue, 27 Mar 2007 09:44:50 -0500

On Mon, 26 Mar 2007 14:24:39 -0500
Mike Hanson <MHanson () CSS EDU> wrote:

> In our IPS log I see the following entry *TCP C2S Ambiguity: Data in
> SYN Packet* daily directed towards our DNS server. These packets are
> coming from four or so different addresses in China. I did a brief
> Google search with results being a few or more years old. A couple of
> the posts reported the same *Data in SYN Packet* with the
> originating addresses also from China.
>
> Can anybody shed light on this?

Mike,

If you still see it coming and can grab some full packet capture samples
of them and don't mind sending them to me I'd like to take a look.

John
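
Added example, not part of the original thread or either poster's code: a minimal check for the condition the IPS alert names, a client SYN (no ACK) whose TCP segment carries payload, useful for picking the relevant packets out of a full capture. It assumes raw IPv4 packets with the link-layer header already removed; the function names, addresses, ports and sample packets are constructed for illustration.

```python
import struct

SYN, RST, ACK = 0x02, 0x04, 0x10

def syn_with_data(packet: bytes):
    """Return details if `packet` (raw IPv4, link header removed) is a
    client SYN carrying TCP payload; otherwise return None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    total_len, _, frag = struct.unpack("!HHH", packet[2:8])
    if ihl < 20 or packet[9] != 6 or frag & 0x1FFF:
        return None                      # bad header, not TCP, or a later fragment
    if total_len > len(packet):
        return None                      # capture truncated by a short snaplen
    # Slice by the IP total length so link-layer padding is not counted as data.
    tcp = packet[ihl:total_len]
    if len(tcp) < 20:
        return None
    data_off = (tcp[12] >> 4) * 4        # TCP header length including options
    flags = tcp[13]
    if data_off < 20 or data_off > len(tcp):
        return None
    if not flags & SYN or flags & (ACK | RST):
        return None                      # only the initial client-to-server SYN
    payload = tcp[data_off:]
    if not payload:
        return None
    src = ".".join(str(b) for b in packet[12:16])
    dport = struct.unpack("!H", tcp[2:4])[0]
    return {"src": src, "dport": dport, "payload": payload}

def build_packet(flags, payload=b"", options=b"", trailer=b""):
    """Constructed sample IPv4/TCP packet (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 53, 1, 0,
                      ((20 + len(options)) // 4) << 4, flags, 8192, 0, 0)
    tcp += options + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 53]))
    return ip + tcp + trailer

MSS = b"\x02\x04\x05\xb4"                # constructed MSS option
if __name__ == "__main__":
    for name, pkt in [("plain SYN", build_packet(SYN, options=MSS)),
                      ("SYN + 8 bytes", build_packet(SYN, b"A" * 8, MSS)),
                      ("SYN + padding", build_packet(SYN, options=MSS, trailer=b"\0" * 6))]:
        print(name, syn_with_data(pkt))
```

The truncation check matters when collecting samples: a capture taken with a short snap length cuts off the payload, so the packets need to be captured at full length for the data to be visible.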
