[Dshield] seemingly random (ACK+RST) packets from

Stephane Grobety security at admin.fulgan.com
Wed Mar 24 16:37:25 GMT 2004

jt> I am getting these seemingly random ACK+RST packets from a particular
jt> machine ( from port 80 to my high ports (usually
jt> 1100-1600 or so) on a regular basis throughout the day.  There is not a
jt> webserver running on the machine and I  have carefully
jt> monitored my own server to make sure that it is not sending
jt> communications to  The thing is that this machine
jt> (adsl-64-164-160-154.dsl.lsan03.pacbell.net) belongs to my DSL provider
jt> (pacbell.net/SBC) so I am thinking there must be a logical explanation
jt> for this behavior. Anybody have any ideas?

Hum. It could be that someone is sending spoofed SYNs to this machine
with your IP address. Possibly, this host is under (D)DoS and your IP
is used as a decoy.

Now, why would someone try to syn-flood a machine that is obviously
not listening on the target port is beyond me. Maybe there is
something else...

Good luck,

More information about the list mailing list