On 2006-08-09 01:14, Michael T. Davis wrote:
> At 17:03:57.06 on 8-AUG-2006 in message
> <[EMAIL PROTECTED]>, I wrote:
>> [...]
>> Despite the above rules, TCP port 53 SYN packets are apparently making
>> it past the firewall, since I'm seeing RST (reset) packets being sent out in
>> response.[...]
>
> Apologies...I was misinterpreting things. The packets weren't aimed
> at port 53 on our network--they were coming _from_ port 53 on the remote
> system. The initial packet has not only SYN but ACK set. I'd guess this guy
> in China's trying to get a rise out of systems here.

Or, perhaps you're seeing backscatter from a DNS-based denial-of-service
attack directed at the Chinese IP with forged source addresses that happen
to include the IP of your system.

-- 
Jefferson Ogata <[EMAIL PROTECTED]>
NOAA Computer Incident Response Team (N-CIRT) <[EMAIL PROTECTED]>
"Never try to retrieve anything from a bear."--National Park Service
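
Added example (not part of the original messages): one way to check the pattern discussed in this thread is to match every inbound SYN+ACK against the SYNs your own hosts actually sent, and list the ones that answer nothing. The packet records, the RFC 5737 documentation addresses and the function names are constructed for illustration.

```python
from collections import namedtuple

# Constructed packet records (not from the thread). Addresses are RFC 5737
# documentation ranges; dir is "out" or "in" relative to the local network.
Pkt = namedtuple("Pkt", "ts dir src sport dst dport flags")

SAMPLE = [
    Pkt(1.0, "out", "192.0.2.10", 40000, "198.51.100.5", 53, "S"),   # our SYN
    Pkt(1.1, "in", "198.51.100.5", 53, "192.0.2.10", 40000, "SA"),   # its reply
    Pkt(2.0, "in", "203.0.113.7", 53, "192.0.2.10", 1234, "SA"),     # no SYN sent
    Pkt(2.0, "out", "192.0.2.10", 1234, "203.0.113.7", 53, "R"),     # our RST
    Pkt(3.0, "in", "203.0.113.7", 53, "192.0.2.11", 4321, "SA"),     # no SYN sent
]

def find_unsolicited_synack(packets, syn_timeout=30.0):
    """Return inbound SYN+ACK packets that answer no SYN we sent.

    A SYN+ACK is solicited only if the mirrored 4-tuple carried an outbound
    SYN within syn_timeout seconds. The rest are what the local stack
    answers with RST, as seen in the thread.
    """
    pending = {}  # (our_ip, our_port, peer_ip, peer_port) -> time of our SYN
    unsolicited = []
    for p in sorted(packets, key=lambda pkt: pkt.ts):
        flags = set(p.flags)
        if p.dir == "out" and flags == {"S"}:
            pending[(p.src, p.sport, p.dst, p.dport)] = p.ts
        elif p.dir == "in" and flags == {"S", "A"}:
            # get(), not pop(): a retransmitted SYN+ACK is still solicited.
            sent = pending.get((p.dst, p.dport, p.src, p.sport))
            if sent is None or p.ts - sent > syn_timeout:
                unsolicited.append(p)
    return unsolicited

def group_by_remote_service(unsolicited):
    """Map (remote ip, remote port) -> set of local addresses it 'answered'.

    Heuristic: one remote service answering several local addresses is
    consistent with that service being flooded with spoofed-source SYNs.
    """
    groups = {}
    for p in unsolicited:
        groups.setdefault((p.src, p.sport), set()).add(p.dst)
    return groups

if __name__ == "__main__":
    for svc, locals_hit in group_by_remote_service(find_unsolicited_synack(SAMPLE)).items():
        print(svc, sorted(locals_hit))
```

The check only shows that a SYN+ACK was unsolicited; it does not by itself distinguish backscatter from a deliberately crafted SYN+ACK.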
