[Dshield] seemingly random (ACK+RST) packets from 220.127.116.11:80
tliston at premmag.com
Wed Mar 24 16:46:24 GMT 2004
Most logical reason: Someone is sending SYN packets to port 80 of this
machine with a source address of your machine. If it isn't you, then it's
someone spoofing your IP address. The machine isn't running a webserver,
so it responds with a ACK+RST.
Perhaps there WAS a webserver at that address that was ticking someone off
enough to get itself packeted out of existence.... or perhaps someone got
a new DHCP lease...
On 24 Mar 2004 at 8:13, j.travis wrote:
> I am getting these seemingly random ACK+RST packets from a particular
> machine (18.104.22.168) from port 80 to my high ports (usually
> 1100-1600 or so) on a regular basis throughout the day. There is not a
> webserver running on the 22.214.171.124 machine and I have carefully
> monitored my own server to make sure that it is not sending communications
> to 126.96.36.199. The thing is that this machine
> (adsl-64-164-160-154.dsl.lsan03.pacbell.net) belongs to my DSL provider
> (pacbell.net/SBC) so I am thinking there must be a logical explanation for
> this behavior. Anybody have any ideas?
---- >8 ---- Snip!
More information about the list