Security Incidents mailing list archives

Protocol Violation


From: JD Conley <jdc () MALIBUBOATS COM>
Date: Fri, 17 Nov 2000 13:46:30 -0800

Hello,

I was alerted today by one of our proxies (Microsoft Proxy 2.0) that it had
encountered a "Protocol Violation."  It has packet filtering enabled,
disallowing fragmented packets.  The following is an excerpt from the log
(with x.x.x.x as the 'attacker' and y.y.y.y as our proxy).  Any ideas on
what this could be?  Some sort of attack, etc.  TIA!

11/17/00, 11:23:35, x.x.x.x, y.y.y.y, Tcp, 25970, 29305, FIN RST PSH , Frag,
Dialout, -, -,
11/17/00, 11:23:36, x.x.x.x, y.y.y.y, Tcp, 8289, 28281, FIN SYN ACK URG ,
Frag, Dialout, -, -,
11/17/00, 11:23:40, x.x.x.x, y.y.y.y, Tcp, 25970, 29305, FIN RST PSH , Frag,
Dialout, -, -,
11/17/00, 11:23:50, x.x.x.x, y.y.y.y, Tcp, 25970, 29305, FIN RST PSH , Frag,
Dialout, -, -,
11/17/00, 11:24:11, x.x.x.x, y.y.y.y, Tcp, 25970, 29305, FIN RST PSH , Frag,
Dialout, -, -,
11/17/00, 11:24:52, x.x.x.x, y.y.y.y, Tcp, 25970, 29305, FIN RST PSH , Frag,
Dialout, -, -,
11/17/00, 11:26:13, x.x.x.x, y.y.y.y, Tcp, 25970, 29305, FIN RST PSH , Frag,
Dialout, -, -,
11/17/00, 11:28:13, x.x.x.x, y.y.y.y, Tcp, 25970, 29305, FIN RST PSH , Frag,
Dialout, -, -,

Thanks,
JD Conley
"Nerd"
www.malibuboats.com
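
Added example, not part of the original post: a triage check over the records quoted above. It flags TCP flag combinations that a conforming sender never sets together, and tests whether the logged port fields are printable ASCII, which is what a filter would log if it decoded TCP fields from a non-first IP fragment (such a fragment carries payload, not a TCP header). The column meanings are assumed from the layout in the post.

```python
from datetime import datetime

# Records copied from the post; each mail-wrapped record is rejoined on one line.
LOG = """\
11/17/00, 11:23:35, x.x.x.x, y.y.y.y, Tcp, 25970, 29305, FIN RST PSH , Frag, Dialout, -, -,
11/17/00, 11:23:36, x.x.x.x, y.y.y.y, Tcp, 8289, 28281, FIN SYN ACK URG , Frag, Dialout, -, -,
11/17/00, 11:23:40, x.x.x.x, y.y.y.y, Tcp, 25970, 29305, FIN RST PSH , Frag, Dialout, -, -,
11/17/00, 11:23:50, x.x.x.x, y.y.y.y, Tcp, 25970, 29305, FIN RST PSH , Frag, Dialout, -, -,
11/17/00, 11:24:11, x.x.x.x, y.y.y.y, Tcp, 25970, 29305, FIN RST PSH , Frag, Dialout, -, -,
11/17/00, 11:24:52, x.x.x.x, y.y.y.y, Tcp, 25970, 29305, FIN RST PSH , Frag, Dialout, -, -,
11/17/00, 11:26:13, x.x.x.x, y.y.y.y, Tcp, 25970, 29305, FIN RST PSH , Frag, Dialout, -, -,
11/17/00, 11:28:13, x.x.x.x, y.y.y.y, Tcp, 25970, 29305, FIN RST PSH , Frag, Dialout, -, -,
"""

# Flag pairs that no conforming TCP sender sets together.
BAD_PAIRS = [{"SYN", "FIN"}, {"SYN", "RST"}, {"FIN", "RST"}]

def parse(line):
    """Split one record. Column meanings are assumed from the layout in the post."""
    f = [p.strip() for p in line.split(",")]
    return {"time": datetime.strptime(f"{f[0]} {f[1]}", "%m/%d/%y %H:%M:%S"),
            "sport": int(f[5]), "dport": int(f[6]),
            "flags": set(f[7].split()), "frag": f[8] == "Frag"}

def illegal_flags(rec):
    """True if the logged flags contain a mutually exclusive pair."""
    return any(pair <= rec["flags"] for pair in BAD_PAIRS)

def ports_as_text(rec):
    """Return the 4 'port' bytes as text if all are printable ASCII, else None."""
    raw = rec["sport"].to_bytes(2, "big") + rec["dport"].to_bytes(2, "big")
    return raw.decode("ascii") if all(0x20 <= b <= 0x7E for b in raw) else None

def retry_gaps(records, sport, dport):
    """Seconds between successive records that share one port pair."""
    t = [r["time"] for r in records if (r["sport"], r["dport"]) == (sport, dport)]
    return [int((b - a).total_seconds()) for a, b in zip(t, t[1:])]

RECORDS = [parse(l) for l in LOG.splitlines() if l.strip()]

if __name__ == "__main__":
    for r in RECORDS:
        print(r["time"].time(), sorted(r["flags"]),
              "illegal" if illegal_flags(r) else "ok",
              "frag" if r["frag"] else "-", repr(ports_as_text(r)))
    print("gaps (s):", retry_gaps(RECORDS, 25970, 29305))
```

On these records every flag set is illegal, every record is marked Frag, and the port fields decode to printable text, with the gaps between repeats of one record roughly doubling. That pattern is consistent with payload bytes from retransmitted fragments being read as a TCP header, and a capture of the fragments themselves would confirm it.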

