Yeah, looks like someone is writing raw packets to conceal an actual intrusion
attempt.
"Ng, Kenneth (US)" wrote:
> To use a tactic often used in the Navy, decoy packets are sent out along
> with the legit packets to help hide the attackers position. Check nmap for
> example.
>
> Or, it could be someone writing a new cracking tool that writes raw packets,
> he is using you as a target, and he has a bug in his code.
>
> -----Original Message-----
> From: mcobb [mailto:[EMAIL PROTECTED]]
> Sent: Friday, May 04, 2001 7:32 PM
> To: [EMAIL PROTECTED]
> Subject: How can this be?
>
> Guru's,
>
> Iam getting port 80 scans from IP address 0.8.130.60! Has someone hung a
> machine
> off the Inet in promicous mode with a bogus IP address? How can this even
> route? Better
> yet, how does it even bind to the adapter?
>
> To coin an oft used Naval phrase, WTFO!
>
> Regards
> Mike
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> *****************************************************************************
> The information in this email is confidential and may be legally privileged.
> It is intended solely for the addressee. Access to this email by anyone else
> is unauthorized.
>
> If you are not the intended recipient, any disclosure, copying, distribution
> or any action taken or omitted to be taken in reliance on it, is prohibited
> and may be unlawful. When addressed to our clients any opinions or advice
> contained in this email are subject to the terms and conditions expressed in
> the governing KPMG client engagement letter.
> *****************************************************************************
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
