Sandip Bhattacharya wrote:
I have this very odd set of packets on the cable network repeatedly landing on my eth0 link. Somebody's terribly misconfigured box?

12:44:29.667404 127.0.0.1.http > 210.7.37.117.1016: R 0:0(0) ack 1698234369 win 0
12:44:29.687263 127.0.0.1.http > 210.7.102.117.1619: R 0:0(0) ack 185335809 win 0
12:44:29.708031 127.0.0.1.http > 210.7.168.244.1455: R 0:0(0) ack 819986433 win 0
12:44:29.738644 127.0.0.1.http > 210.7.11.116.1324: R 0:0(0) ack 1771896833 win 0

Eep. After running through the Ethernet headers, I just discovered that these packets are coming from a Blaster-infected machine which is also flooding the network with SYN packets to continuously increasing IP numbers.


I have seen Blaster infections before, but I haven't ever seen traffic whose snippet is given above. Is this an old behaviour or is this a variation of the virus?

- Sandip





--
Sandip Bhattacharya
sandip (at) puroga.com
http://www.sandipb.net

GPG: 51A4 6C57 4BC6 8C82 6A65 AE78 B1A1 2280 A129 0FF3


_______________________________________________ ilugd mailing list [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd
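
An added example, not part of the original post: a small parser that flags captured packets whose source address is in 127.0.0.0/8 (which RFC 1122 says must never appear on a network) and groups them by sender MAC when the capture includes link-level headers. The `tcpdump -e` prefix layout, the MAC addresses and the last two sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# First four lines are the captures quoted in the post. The last two are
# constructed: they assume the "time src-mac dst-mac type len:" prefix that
# tcpdump -e printed in this output style, with made-up MACs and addresses.
SAMPLE = """\
12:44:29.667404 127.0.0.1.http > 210.7.37.117.1016: R 0:0(0) ack 1698234369 win 0
12:44:29.687263 127.0.0.1.http > 210.7.102.117.1619: R 0:0(0) ack 185335809 win 0
12:44:29.708031 127.0.0.1.http > 210.7.168.244.1455: R 0:0(0) ack 819986433 win 0
12:44:29.738644 127.0.0.1.http > 210.7.11.116.1324: R 0:0(0) ack 1771896833 win 0
12:44:30.120000 0:50:ba:12:34:56 0:10:5a:ab:cd:ef ip 60: 127.0.0.1.http > 192.0.2.77.1200: R 0:0(0) ack 5 win 0
12:44:30.130000 0:50:ba:12:34:56 0:10:5a:ab:cd:ef ip 62: 192.0.2.10.1030 > 192.0.2.11.135: S 100:100(0) win 16384
"""

MAC = r"[0-9a-f]{1,2}(?::[0-9a-f]{1,2}){5}"
LINE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+"
    rf"(?:(?P<smac>{MAC})\s+{MAC}\s+[^:]*:\s+)?"  # optional link-level prefix
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\w+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\w+): (?P<flags>\S+)",
    re.IGNORECASE,
)

def loopback_on_wire(text):
    """Return parsed packets whose source address is in 127.0.0.0/8."""
    hits = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a TCP line in the expected layout
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # malformed dotted quad
        if src.is_loopback:
            hits.append(m.groupdict())
    return hits

def by_sender(hits):
    """Group destinations by source MAC ('unknown' if captured without -e)."""
    groups = defaultdict(list)
    for h in hits:
        groups[h["smac"] or "unknown"].append(h["dst"])
    return dict(groups)

if __name__ == "__main__":
    for mac, dsts in by_sender(loopback_on_wire(SAMPLE)).items():
        print(f"{mac}: {len(dsts)} loopback-source packet(s) -> {', '.join(dsts)}")
```

Capturing with link-level headers is what ties a loopback-source packet to a physical machine, since the IP source says nothing about where it came from.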
