Security Incidents mailing list archives
Packet from port 80 with spoofed microsoft.com ip
From: Michael Rowe <mrowe () mojain com>
Date: Wed, 29 Jan 2003 21:46:53 +1100
Hi, I received a packet on my cable modem today, allegedly from microsoft.com: 18:41:35.663374 207.46.249.190.80 > my.cable.modem.ip.1681: S866282571:866282571(0) ack 268566529 win 16384 <mss 1460> $ host 207.46.249.190 Name: www.domestic.microsoft.com Address: 207.46.249.190 Aliases: microsoft.com microsoft.net www.us.microsoft.com No one was home at this time, and no computer running windows was active, so I'm pretty sure this was not legit traffic (unless it was a *very* delayed ack from a microsoft server, like > 6 hours. I guess this is conceivable, given their current, er, issues :). Is this some sort of known "attack"? Or just random weiredness? Cheers, -- Michael Rowe <mrowe () mojain com> IM - mrowe () jabber org Prof - ACM, IEEE, Computer Soc. Web - http://www.mojain.com/ Vice - Barley malt, brewed or Key - http://mojain.com/keys/mrowe.asc distilled (hold the ice) ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Packet from port 80 with spoofed microsoft.com ip Michael Rowe (Jan 29)
- Re: Packet from port 80 with spoofed microsoft.com ip Chris Wilkes (Jan 29)
- Re: Packet from port 80 with spoofed microsoft.com ip Thiago Conde Figueiró (Jan 29)
- Re: Packet from port 80 with spoofed microsoft.com ip Rich Puhek (Jan 30)
- Re: Packet from port 80 with spoofed microsoft.com ip H C (Jan 29)
- Re: Packet from port 80 with spoofed microsoft.com ip Keith Owens (Jan 30)
- Message not available
- Re: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip) Russell Fulton (Jan 31)
- Message not available
- Message not available
- <Possible follow-ups>
- RE: Packet from port 80 with spoofed microsoft.com ip NESTING, DAVID M (SBCSI) (Jan 29)