Educause Security Discussion mailing list archives
Re: Data in SYN Packets
From: Justin Klein Keane <jukeane () SAS UPENN EDU>
Date: Mon, 26 Mar 2007 15:35:25 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Could that possibly be part of an effort to tunnel through DNS? ref: http://slashdot.org/article.pl?sid=00/09/10/2230242 - -- Justin C. Klein Keane Sr. Programmer Analyst University of Pennsylvania School of Arts and Sciences Computing Institutional Research and Application Development 3600 Market St. Room 512 Philadelphia, PA 19104 215.898.0236(p) 215.573.3166(f) Mike Hanson wrote:
Hello, In our IPS log I see the following entry *TCP C2S Ambiguity: Data in SYN Packet* daily directed towards our DNS server. These packets are coming from four or so different addresses in China. I did a brief Google search with results being a few or more years old. A couple of the posts reported the same *Data in SYN Packet* with the originating addresses also from China. Can anybody shed light on this? Thank you very much. Mike Hanson Network Security Manager The College of St. Scholastica Duluth, MN 55811 ( mailto:n () css edu )
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (MingW32) iD8DBQFGCCB9R4a3EW2yjlQRAur4AJ0au9h5EkNpVdx0kHdpgaoFEFFNrwCePLXr Y1EZr02ACVowJyxqAVTZm2A= =6cA6 -----END PGP SIGNATURE-----
Current thread:
- Data in SYN Packets Mike Hanson (Mar 26)
- <Possible follow-ups>
- Re: Data in SYN Packets Justin Klein Keane (Mar 26)
- Re: Data in SYN Packets scott hollatz (Mar 26)
- Re: Data in SYN Packets Gibson, Nathan J. (HSC) (Mar 26)
- Re: Data in SYN Packets Mark Newman (Mar 26)
- Re: Data in SYN Packets Valdis Kletnieks (Mar 26)
- Re: Data in SYN Packets John Kristoff (Mar 27)
- Re: Data in SYN Packets scott hollatz (Mar 27)