Full Disclosure mailing list archives
RE: Odd packet?
From: <full-disclosure () nym hush com>
Date: Fri, 28 May 2004 06:13:51 -0700
Ok. It seems the case described. A spoofed packet with your IP as the source tries to connect to the compromised machine to port 80 at localhost. The compromised machine doesn't have a webserver listening at 127.0.0.1:80 so the tcp stack replyes ACK RST and sends this packet to your spoofed address.
Unlikely. If this were the case, the server would reply with RST, not RST, ACK. There's too little information to come to any conclusion at this point. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Odd packet?, (continued)
- Re: Odd packet? Steffen Schumacher (May 26)
- Re: Odd packet? Mike Klinke (May 26)
- Message not available
- Re: Odd packet? Valentino Squilloni - Ouz (May 27)
- Message not available
- Re: Odd packet? Valentino Squilloni - Ouz (May 25)
- Re: Odd packet? Maarten (May 25)
- Message not available
- Re: Odd packet? Valentino Squilloni - Ouz (May 26)
- Re: Odd packet? Gregh (May 25)