[Dshield] Malformed Ip packet

Dean_Larson@May-Co.com Dean_Larson at May-Co.com
Thu Aug 21 13:02:50 GMT 2003


Yes. But here I've seen 2 packets, 2 hours apart. It appears the protocol
is TCP, but the source port is 0 :(



                                                                                                                                       
From:     Korhonen Juuso <juuso.korhonen@camline.fi>
Sent by:  list-bounces at dshield.org
Date:     08/21/2003 07:20 AM
To:       "'list at dshield.org'" <list at dshield.org>
cc:
Subject:  [Dshield] Malformed Ip packet
Please respond to General DShield Discussion List
                                                                                                                                       





I've been getting in malformed packets (says Sonicwall) from two addresses.
These packets seem to come in regularly from dial-up connections from the US.
Anybody seen this before?

Packets cannot be return packets because they hit addresses which are not in
use.

I have set up a capture trap and hopefully I can grab some packets to
analyze.


08/21/2003 14:08:11.896 -     Malformed IP packet dropped. -
Source:171.75.198.119, WAN -  Destination:XXX.XXX.XXX.161, 80 -    -


Best regards

Juuso

Radiant sir, radiant.
