Re: [uknof] SYN_RECV

2019-10-28 Thread Neil J. McRae
Interesting coinciding with an increased volume of phishing attacks. 

Sent from my iPhone

> On 28 Oct 2019, at 17:28, Keith Mitchell  wrote:
> 
> On 10/28/19 11:26 AM, Tom Bird wrote:
> 
>> For a while now I've been seeing quite a lot of TCP sockets in the 
>> SYN_RECV state on any machine offering public ipv4 services, which 
>> should normally only happen if you can't route back to the source.
>> Was initially worried that I'd broken something, however have seen it
>> on boxes across a few providers now.
> 
> I'm seeing these too. Started on IMAPS/993 last week, seems to be on a
> whole range of TCP ports now.
> 
>> I've got a couple of theories but none adequately explain it, anyone 
>> know for sure?
> 
> I'm thinking it might be some kind of reflection attack, though it's
> unclear there's amplification for this kind of SYN traffic.
> 
> Keith


Re: [uknof] SYN_RECV

2019-10-28 Thread Keith Mitchell
On 10/28/19 11:26 AM, Tom Bird wrote:

> For a while now I've been seeing quite a lot of TCP sockets in the 
> SYN_RECV state on any machine offering public ipv4 services, which 
> should normally only happen if you can't route back to the source.
> Was initially worried that I'd broken something, however have seen it
> on boxes across a few providers now.

I'm seeing these too. Started on IMAPS/993 last week, seems to be on a
whole range of TCP ports now.

> I've got a couple of theories but none adequately explain it, anyone 
> know for sure?

I'm thinking it might be some kind of reflection attack, though it's
unclear there's amplification for this kind of SYN traffic.

Keith




[uknof] SYN_RECV

2019-10-28 Thread Tom Bird

Afternoon,

For a while now I've been seeing quite a lot of TCP sockets in the 
SYN_RECV state on any machine offering public ipv4 services, which 
should normally only happen if you can't route back to the source.  Was 
initially worried that I'd broken something, however have seen it on 
boxes across a few providers now.


I've got a couple of theories but none adequately explain it, anyone 
know for sure?


Thanks!
--
Tom

:: www.portfast.co.uk / @portfast
:: hosted services, domains, virtual machines, consultancy
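As an added example that is not part of the thread: a small triage script that parses `ss -tan` output and counts half-open (SYN-RECV, which `ss` spells with a hyphen where netstat uses SYN_RECV) sockets by local port and by peer host, so an operator can see whether the pattern is many peers hitting one service or a few peers spread across many ports as Keith describes. The sample output is constructed; to run it against a live box replace it with the output of `ss -tan`.

```python
from collections import Counter

# Constructed sample of `ss -tan` output (addresses are documentation ranges).
SAMPLE_SS_OUTPUT = """\
State      Recv-Q Send-Q Local Address:Port      Peer Address:Port
SYN-RECV   0      0      203.0.113.5:993         198.51.100.7:51234
SYN-RECV   0      0      203.0.113.5:993         198.51.100.7:51235
SYN-RECV   0      0      203.0.113.5:443         198.51.100.7:51236
SYN-RECV   0      0      [2001:db8::5]:993       [2001:db8:1::9]:40000
ESTAB      0      0      203.0.113.5:22          192.0.2.1:40000
LISTEN     0      128    0.0.0.0:22              0.0.0.0:*
"""


def split_addr_port(endpoint):
    """Split 'host:port' or '[v6addr]:port' into (host, port) strings."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port


def syn_recv_summary(ss_output):
    """Count half-open sockets by local port and by peer host.

    Accepts both the ss spelling (SYN-RECV) and the netstat spelling
    (SYN_RECV) of the state. Many distinct peers against one port looks
    like an ordinary SYN flood; a few peers spread over many local ports
    matches the spoofed-source pattern discussed in the thread, where the
    SYN-ACK goes to a third party and the handshake never completes.
    """
    by_local_port = Counter()
    by_peer = Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        state = fields[0].replace("_", "-").upper()
        if state != "SYN-RECV":
            continue
        _, local_port = split_addr_port(fields[3])
        peer_host, _ = split_addr_port(fields[4])
        by_local_port[local_port] += 1
        by_peer[peer_host] += 1
    return {
        "total": sum(by_local_port.values()),
        "by_local_port": dict(by_local_port),
        "by_peer": dict(by_peer),
    }


if __name__ == "__main__":
    # Live use: subprocess.check_output(["ss", "-tan"], text=True)
    print(syn_recv_summary(SAMPLE_SS_OUTPUT))
```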