[Dshield] seemingly random (ACK+RST) packets from 64.164.160.154:80

Tom Liston tliston at premmag.com
Wed Mar 24 16:46:24 GMT 2004


Most logical reason:  Someone is sending SYN packets to port 80 of this 
machine with a source address of your machine.  If it isn't you, then it's 
someone spoofing your IP address.  The machine isn't running a webserver, 
so it responds with a ACK+RST.

Perhaps there WAS a webserver at that address that was ticking someone off 
enough to get itself packeted out of existence.... or perhaps someone got 
a new DHCP lease...

-TL

On 24 Mar 2004 at 8:13, j.travis wrote:

> I am getting these seemingly random ACK+RST packets from a particular
> machine (64.164.160.154) from port 80 to my high ports (usually
> 1100-1600 or so) on a regular basis throughout the day.  There is not a
> webserver running on the 64.164.160.154 machine and I  have carefully
> monitored my own server to make sure that it is not sending communications
> to 64.164.160.154.  The thing is that this machine
> (adsl-64-164-160-154.dsl.lsan03.pacbell.net) belongs to my DSL provider
> (pacbell.net/SBC) so I am thinking there must be a logical explanation for
> this behavior. Anybody have any ideas?
---- >8 ---- Snip!  




More information about the list mailing list