Security Incidents mailing list archives

Packet from port 80 with spoofed microsoft.com ip


From: Michael Rowe <mrowe () mojain com>
Date: Wed, 29 Jan 2003 21:46:53 +1100

Hi,

I received a packet on my cable modem today, allegedly from
microsoft.com: 

18:41:35.663374 207.46.249.190.80 > my.cable.modem.ip.1681: S866282571:866282571(0) ack 268566529 win 16384 <mss 1460>

$ host 207.46.249.190   
Name: www.domestic.microsoft.com
Address: 207.46.249.190
Aliases: microsoft.com microsoft.net www.us.microsoft.com

No one was home at this time, and no computer running windows was
active, so I'm pretty sure this was not legit traffic (unless it was a
*very* delayed ack from a microsoft server, like > 6 hours. I guess
this is conceivable, given their current, er, issues :).

Is this some sort of known "attack"? Or just random weirdness?

Cheers,

-- 
Michael Rowe <mrowe () mojain com>

IM  - mrowe () jabber org                Prof - ACM, IEEE, Computer Soc.
Web - http://www.mojain.com/          Vice - Barley malt, brewed or
Key - http://mojain.com/keys/mrowe.asc       distilled (hold the ice)


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
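
The check the poster did by hand (did this host send a SYN that the SYN-ACK answers?) can be run over a tcpdump text capture. This is an added example, not part of the original post. The address 192.0.2.10 stands in for the redacted cable modem address, and the first two sample lines are constructed.

```python
import re

# Old-style tcpdump text line, as in the post; the flag letter may be fused
# to the sequence number ("S866282571:...") or separated by a space.
LINE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"(?P<flags>[SFRP.]+)\s*(?P<seq>\d+):\d+\(\d+\)(?: ack (?P<ack>\d+))?"
)

def unsolicited_synacks(lines, local):
    """Return SYN-ACK records sent to `local` that answer no SYN seen from it."""
    pending = {}   # (local port, remote host, remote port) -> ISN we sent
    findings = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m or "S" not in m["flags"]:
            continue                      # only SYN and SYN-ACK segments matter here
        if m["src"] == local and m["ack"] is None:
            # Outbound SYN: remember the initial sequence number for this flow.
            pending[(m["sport"], m["dst"], m["dport"])] = int(m["seq"])
        elif m["dst"] == local and m["ack"] is not None:
            # Inbound SYN-ACK: a legitimate one acknowledges our ISN + 1.
            isn = pending.get((m["dport"], m["src"], m["sport"]))
            expected = None if isn is None else (isn + 1) % 2**32
            if expected != int(m["ack"]):
                findings.append({
                    "ts": m["ts"],
                    "from": f'{m["src"]}:{m["sport"]}',
                    "local_port": int(m["dport"]),
                    "ack": int(m["ack"]),
                    "reason": "no matching SYN" if isn is None else "ack != ISN+1",
                })
    return findings

LOCAL = "192.0.2.10"   # placeholder for the poster's redacted address (assumption)
SAMPLE = [
    # Constructed: a normal handshake start that this host initiated.
    "18:30:01.000100 192.0.2.10.40000 > 198.51.100.5.80: S 1000:1000(0) win 5840 <mss 1460>",
    "18:30:01.050200 198.51.100.5.80 > 192.0.2.10.40000: S 7000:7000(0) ack 1001 win 16384 <mss 1460>",
    # The packet from the post, with the placeholder address substituted.
    "18:41:35.663374 207.46.249.190.80 > 192.0.2.10.1681: S866282571:866282571(0) ack 268566529 win 16384 <mss 1460>",
]

if __name__ == "__main__":
    for f in unsolicited_synacks(SAMPLE, LOCAL):
        print(f)
```

The result is only as good as the capture: a SYN sent before the capture started, or from another host behind the same address, would make a legitimate SYN-ACK look unsolicited.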

