Educause Security Discussion mailing list archives

Re: Data in SYN Packets


From: "Gibson, Nathan J. (HSC)" <Nathan-Gibson () OUHSC EDU>
Date: Mon, 26 Mar 2007 14:53:02 -0500

It could be that a different O/S could use this information. It may be a packet that could cause malicious attacks on a 
different platform but your machine sees it as a "corrupt" packet because it carries extra data and drops it. 

V/R,
Nathan J. Gibson, CISSP
Information Technology, Information Security Services
University of Oklahoma Health Sciences Center
Rogers Building, Room 128
Office: (405) 271-2476
Fax: (405) 271-2181
EXT:50270
Cell: (405) 397 5134
http://it.ouhsc.edu/services/infosecurity



-----Original Message-----
From: Mike Hanson [mailto:MHanson () CSS EDU] 
Sent: Monday, March 26, 2007 2:25 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Data in SYN Packets

Hello,

In our IPS log I see the following entry *TCP C2S Ambiguity: Data in
SYN Packet* daily directed towards our DNS server. These packets are
coming from four or so different addresses in China.  I did a brief
Google search with results being a few or more years old. A couple of
the posts reported the same *Data in SYN Packet* with the
originating addresses also from China. 

Can anybody shed light on this?

Thank you very much.




Mike Hanson
Network Security Manager
The College of St. Scholastica
Duluth, MN 55811
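
Added example, not part of either message above: one way to check a raw IPv4 packet for the condition the IPS entry names, an initial TCP SYN that carries payload bytes. The function names and the sample packets (documentation-range addresses, zeroed checksums) are constructed for illustration.

```python
import struct

SYN, ACK = 0x02, 0x10

def build_ipv4_tcp(flags, payload=b"", src="192.0.2.10", dst="198.51.100.53"):
    """Constructed sample input: minimal IPv4+TCP packet to port 53, checksums zeroed."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 53, 1000, 0, 5 << 4, flags, 65535, 0, 0)
    total = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return ip + tcp + payload

def syn_payload_len(packet):
    """Payload bytes carried by an initial SYN (SYN set, ACK clear).

    Returns None when the packet is not IPv4/TCP, is a non-first fragment,
    is truncated or malformed, or is not an initial SYN.
    """
    if len(packet) < 20:
        return None
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    total_len, frag = struct.unpack("!H", packet[2:4])[0], struct.unpack("!H", packet[6:8])[0]
    if version != 4 or ihl < 20 or packet[9] != 6:
        return None
    if frag & 0x1FFF:                       # later fragment: no TCP header here
        return None
    if total_len > len(packet) or total_len < ihl + 20:
        return None
    # Bound by the IP total length, not the capture length, so link-layer
    # padding after the datagram is not mistaken for TCP payload.
    tcp = packet[ihl:total_len]
    data_off = (tcp[12] >> 4) * 4           # TCP header length including options
    if data_off < 20 or data_off > len(tcp):
        return None
    flags = tcp[13]
    if not flags & SYN or flags & ACK:
        return None
    return len(tcp) - data_off

def data_in_syn(packet):
    """True when the packet is an initial SYN with at least one payload byte."""
    n = syn_payload_len(packet)
    return n is not None and n > 0

if __name__ == "__main__":
    for name, pkt in [("bare SYN", build_ipv4_tcp(SYN)),
                      ("SYN + 24 bytes", build_ipv4_tcp(SYN, b"A" * 24)),
                      ("padded bare SYN", build_ipv4_tcp(SYN) + b"\x00" * 6)]:
        print(f"{name}: payload={syn_payload_len(pkt)} flagged={data_in_syn(pkt)}")
```

TCP Fast Open (RFC 7413) legitimately places data in a SYN, so on current networks a match is a reason to look at the payload and the TCP options rather than a verdict on its own.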
 