[Dshield] seemingly random (ACK+RST) packets from

Tom Liston tliston at premmag.com
Wed Mar 24 16:46:24 GMT 2004

Most logical reason:  Someone is sending SYN packets to port 80 of this 
machine with a source address of your machine.  If it isn't you, then it's 
someone spoofing your IP address.  The machine isn't running a webserver, 
so it responds with a ACK+RST.

Perhaps there WAS a webserver at that address that was ticking someone off 
enough to get itself packeted out of existence.... or perhaps someone got 
a new DHCP lease...


On 24 Mar 2004 at 8:13, j.travis wrote:

> I am getting these seemingly random ACK+RST packets from a particular
> machine ( from port 80 to my high ports (usually
> 1100-1600 or so) on a regular basis throughout the day.  There is not a
> webserver running on the machine and I  have carefully
> monitored my own server to make sure that it is not sending communications
> to  The thing is that this machine
> (adsl-64-164-160-154.dsl.lsan03.pacbell.net) belongs to my DSL provider
> (pacbell.net/SBC) so I am thinking there must be a logical explanation for
> this behavior. Anybody have any ideas?
---- >8 ---- Snip!  

More information about the list mailing list