Security Incidents mailing list archives
Protocol Violation
From: JD Conley <jdc () MALIBUBOATS COM>
Date: Fri, 17 Nov 2000 13:46:30 -0800
Hello, I was alerted today by one of our proxies (Microsoft Proxy 2.0) that it had encounted a "Protocol Violation." It has packet filtering enabled, disallowing fragmented packets. The following is an exerpt from the log (with x.x.x.x as the 'attacker' and y.y.y.y as our proxy). Any ideas on what this could be? Some sort of attack, etc. TIA! 11/17/00, 11:23:35, x.x.x.x, y.y.y.y, Tcp, 25970, 29305, FIN RST PSH , Frag, Dialout, -, -, 11/17/00, 11:23:36, x.x.x.x, y.y.y.y, Tcp, 8289, 28281, FIN SYN ACK URG , Frag, Dialout, -, -, 11/17/00, 11:23:40, x.x.x.x, y.y.y.y, Tcp, 25970, 29305, FIN RST PSH , Frag, Dialout, -, -, 11/17/00, 11:23:50, x.x.x.x, y.y.y.y, Tcp, 25970, 29305, FIN RST PSH , Frag, Dialout, -, -, 11/17/00, 11:24:11, x.x.x.x, y.y.y.y, Tcp, 25970, 29305, FIN RST PSH , Frag, Dialout, -, -, 11/17/00, 11:24:52, x.x.x.x, y.y.y.y, Tcp, 25970, 29305, FIN RST PSH , Frag, Dialout, -, -, 11/17/00, 11:26:13, x.x.x.x, y.y.y.y, Tcp, 25970, 29305, FIN RST PSH , Frag, Dialout, -, -, 11/17/00, 11:28:13, x.x.x.x, y.y.y.y, Tcp, 25970, 29305, FIN RST PSH , Frag, Dialout, -, -, Thanks, JD Conley "Nerd" www.malibuboats.com
Current thread:
- Protocol Violation JD Conley (Nov 21)
- Re: Protocol Violation Radu Brumariu (Nov 22)