Security Incidents mailing list archives
Re: Packet from port 80 with spoofed microsoft.com ip
From: Chris Wilkes <cwilkes () ladro com>
Date: Wed, 29 Jan 2003 09:06:13 -0800
On Wed, Jan 29, 2003 at 09:46:53PM +1100, Michael Rowe wrote:
I received a packet on my cable modem today, allegedly from microsoft.com: 18:41:35.663374 207.46.249.190.80 > my.cable.modem.ip.1681: S866282571:866282571(0) ack 268566529 win 16384 <mss 1460>
Do you have any MS computers at home set to automatically check microsoft's site for updates? I thought I had it turned off but poking around the GUI I found under Control Panel - Servers "Automatic Update" set to Automatic. What's odd is that it isn't in my tray and I thought I disabled it.
No one was home at this time, and no computer running windows was active, so I'm pretty sure this was not legit traffic (unless it was a *very* delayed ack from a microsoft server, like > 6 hours. I guess this is conceivable, given their current, er, issues :).
By "active" do you mean "turned off"? Chris ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Packet from port 80 with spoofed microsoft.com ip Michael Rowe (Jan 29)
- Re: Packet from port 80 with spoofed microsoft.com ip Chris Wilkes (Jan 29)
- Re: Packet from port 80 with spoofed microsoft.com ip Thiago Conde Figueiró (Jan 29)
- Re: Packet from port 80 with spoofed microsoft.com ip Rich Puhek (Jan 30)
- Re: Packet from port 80 with spoofed microsoft.com ip H C (Jan 29)
- Re: Packet from port 80 with spoofed microsoft.com ip Keith Owens (Jan 30)
- Message not available
- Re: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip) Russell Fulton (Jan 31)
- Message not available
- Message not available
- <Possible follow-ups>
- RE: Packet from port 80 with spoofed microsoft.com ip NESTING, DAVID M (SBCSI) (Jan 29)