Date: Thu, 5 Nov 1998 02:11:06 +1300 (NZDT) From: Andrew McNaughton <andrew@squiz.co.nz> To: Alla Bezroutchko <alla@sovlink.ru> Cc: security@FreeBSD.ORG Subject: Re: Is it an attack? Strange things logged by ipfw - more on that Message-ID: <Pine.BSF.4.01.9811050206570.8040-100000@aniwa.sky> In-Reply-To: <3640275A.C3D01E5C@sovlink.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 4 Nov 1998, Alla Bezroutchko wrote: > > Nothing will help brain-damaged windoze machines. :) > > Checked. Some of source IPs belong to 'doze machines, some don't. > Brain damaged unix? ;) Have you talked to the owners of any of the machines? Are they related in any way? I had a whole lot of seemingly unrelated packets a while back that turned out to be due to a faulty router at a major ISP in the UK. It seems that the router was splitting the tcp headers from their bodies, and under heavy load was putting some of them back together wrong so that I got packets from unrelated sessions. The ISP serviced many domains so it took me a while to realize that it was coming from the one place. Traceroute is helpful for that. Andrew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.01.9811050206570.8040-100000>