> Date: Thu, 24 Jan 2002 23:40:23 +0100
> From: Michael Stauber <[EMAIL PROTECTED]>
> > Flags: SYN: 1 FIN: 1 ACK: 0 PSH: 0 URG: 0 RST: 0
>
> What is unusual here is that both the ACK and the FIN flags
> were set. This never happens during a regular TCP/IP
> connection.

Almost; never say "never". :-) Check out RFC 1644 for info on T/TCP.

> So someone was most likely sending manually crafted packets
> your way, or using some kind of security auditing tool.

Perhaps, but see my previous post. I don't know if ESRO actually uses T/TCP or how common it is... it may well have been a valid, yet misdirected, packet. If it's the only one, I'd lean toward it being legit.

But excessive concern _is_ safer than insufficient concern. :-)

Eddy

Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
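The triage question raised in the reply above, sketched as an added example (not part of the original mail and not code from either poster): a SYN+FIN segment is labelled by whether it carries one of the T/TCP connection-count options from RFC 1644. The function names, labels and the sample segments are assumptions constructed for illustration.

```python
import struct

FIN, SYN = 0x01, 0x02
# TCP option kinds that RFC 1644 assigns to T/TCP connection counts.
TTCP_OPTION_KINDS = {11: "CC", 12: "CC.NEW", 13: "CC.ECHO"}

def parse_tcp(segment: bytes):
    """Return (flags, option_kinds, payload_len) for a raw TCP segment."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    off_flags = struct.unpack("!H", segment[12:14])[0]
    header_len = (off_flags >> 12) * 4
    if not 20 <= header_len <= len(segment):
        raise ValueError("bad data offset")
    opts, kinds, i = segment[20:header_len], [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:            # End of Option List
            break
        if kind == 1:            # NOP is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed TCP option")
        kinds.append(kind)
        i += opts[i + 1]
    return off_flags & 0x3F, kinds, len(segment) - header_len

def classify_syn_fin(segment: bytes) -> str:
    """Triage label only: a T/TCP option makes SYN+FIN plausible, not proven benign."""
    flags, kinds, _ = parse_tcp(segment)
    if not (flags & SYN and flags & FIN):
        return "not-syn-fin"
    if any(k in TTCP_OPTION_KINDS for k in kinds):
        return "possible-ttcp"
    return "suspicious"

def build_segment(flags: int, options: bytes = b"", payload: bytes = b"") -> bytes:
    """Constructed sample segment; ports, sequence number and window are made up."""
    options += b"\x01" * (-len(options) % 4)      # pad options to a 32-bit boundary
    off_flags = ((20 + len(options)) // 4 << 12) | flags
    return struct.pack("!HHIIHHHH", 40000, 12345, 1, 0, off_flags, 8192, 0, 0) + options + payload

if __name__ == "__main__":
    cc = bytes([11, 6]) + struct.pack("!I", 7)    # CC option: kind 11, length 6
    print(classify_syn_fin(build_segment(SYN | FIN)))
    print(classify_syn_fin(build_segment(SYN | FIN, cc, b"request")))
```

A "possible-ttcp" result still deserves a look at volume and source, in line with the "if it's the only one" reasoning in the mail.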
