Security Incidents mailing list archives
Re: Munged Napster Sessions
From: vanja () RELAYGROUP COM (Vanja Hrustic)
Date: Fri, 17 Mar 2000 05:19:22 +0700
"Stephen P. Berry" wrote:
> Notably, the traffic of interest includes various bogus TCP flag combinations (everything from SYN-FIN packets to full Xmas packets), bogus TCP flags, and tiny fragments. In absence of the established napster session, the anomalous traffic would look powerfully like some sort of TCP fingerprinting attempt to me.
A silly question: are any of the sites involved located at *.demon.co.uk, by any chance?

I think that quite a few people these days are seeing false alarms caused by traffic which comes from demon. Demon blames it on "network equipment".

For example, a guy (using demon.co.uk) is browsing my website, and during that session, a packet is sent to a random high port (like 3xxxx). Packets are really strange; sometimes they have all bits set, sometimes not.

I just got used to that :)

--
Vanja Hrustic
The Relay Group
http://relaygroup.com
Technology Ahead of Time
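An added example, not part of the original post or thread: a small classifier that parses raw TCP headers and labels the flag combinations discussed above (SYN-FIN, Xmas, all bits set), so such packets can be picked out of a capture whether they come from a scanner or from faulty equipment. The function names, label names, ports and sample packets are all constructed for illustration, and "xmas" is taken here to mean FIN+PSH+URG without ACK.

```python
import struct

# The six RFC 793 flag bits carried in byte 13 of the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
ALL_FLAGS = 0x3F

def make_header(sport, dport, flags):
    """Build a 20-byte TCP header (constructed test data, checksum left 0)."""
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 8192, 0, 0)

def parse_tcp(header):
    """Return (src_port, dst_port, flags) from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("TCP header shorter than 20 bytes")
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", header[:14])
    return sport, dport, off_flags & ALL_FLAGS

def classify_flags(flags):
    """Label a flag combination that normal TCP does not produce, else 'ok'."""
    if flags == 0:
        return "null"
    if flags == ALL_FLAGS:
        return "full-xmas"
    if (flags & SYN) and (flags & FIN):
        return "syn-fin"
    if (flags & (FIN | PSH | URG)) == (FIN | PSH | URG) and not (flags & ACK):
        return "xmas"
    return "ok"

def scan(headers):
    """Return [(dst_port, label)] for every header with anomalous flags."""
    parsed = [parse_tcp(h) for h in headers]
    labelled = [(dport, classify_flags(flags)) for _s, dport, flags in parsed]
    return [hit for hit in labelled if hit[1] != "ok"]

# Constructed sample traffic: normal packets mixed with odd ones to made-up high ports.
SAMPLES = [
    make_header(1025, 80, SYN),
    make_header(80, 1025, SYN | ACK),
    make_header(80, 30001, ALL_FLAGS),
    make_header(80, 30002, SYN | FIN),
    make_header(80, 30003, FIN | PSH | URG),
    make_header(80, 30004, 0),
    make_header(1025, 80, FIN | ACK),
]

if __name__ == "__main__":
    print(scan(SAMPLES))
```

The classifier only names the anomaly; correlating the hits with source netblocks and with whether an established session exists between the same hosts is what separates a fingerprinting attempt from a false alarm.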