[unisog] Interesting traffic
dokas at cs.umn.edu
Fri Feb 6 16:11:07 GMT 2004
On Fri, 6 Feb 2004 09:29:40 -0500 "Asadoorian, Paul D" <Paul_Asadoorian at brown.edu> wrote:
> This traffic started on my network on Feb. 2nd, at 7:00AM EST STD time.
> They all originate from 220.127.116.11, all with a source port of 6667
> TCP, the destination is my entire class B on TCP ports 1024 and 3072.
> All packets are RST/ACK. Anyone else seeing this IP hitting their
> network? Looks like someone is spoofing our address space, and I have
> confirmed that at least one other University is seeing this.
Looks like backscatter from someone doing a spoofed source SYN flood on
18.104.22.168. I see similar types of traffic from time to time.
Paul Dokas dokas at cs.umn.edu
Don Juan Matus: "an enigma wrapped in mystery wrapped in a tortilla."
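
An added example, not part of the original thread: one way to flag the backscatter pattern described above (unsolicited RST/ACK or SYN/ACK replies from a single remote service port fanned out across many local addresses) in packet or flow records. The record layout, the documentation-range addresses, the function names and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict

# TCP flag combinations a flood victim sends back to the spoofed sources.
RESPONSE_FLAGS = {"RA", "SA", "R"}

def make_sample():
    """Constructed records: (src_ip, src_port, dst_ip, dst_port, flags)."""
    pkts = []
    # Flood victim answering spoofed addresses that fall inside our space.
    for i in range(1, 41):
        dport = 1024 if i % 2 else 3072
        pkts.append(("203.0.113.9", 6667, f"198.51.100.{i}", dport, "RA"))
    # A genuine scanner: SYNs from many source ports (not backscatter).
    for i in range(1, 41):
        pkts.append(("192.0.2.77", 40000 + i, f"198.51.100.{i}", 22, "S"))
    # Ordinary reset answering a connection one of our hosts opened.
    pkts.append(("192.0.2.50", 80, "198.51.100.5", 51514, "RA"))
    return pkts

def find_backscatter(packets, outbound_syns=frozenset(), min_dsts=20, max_sports=3):
    """Return {src_ip: summary} for remote hosts that look like flood victims.

    outbound_syns holds (local_ip, remote_ip, remote_port) tuples for SYNs our
    own hosts really sent; replies to those are solicited and are ignored.
    """
    by_src = defaultdict(list)
    for src, sport, dst, dport, flags in packets:
        if (dst, src, sport) in outbound_syns:
            continue  # reply to traffic we initiated
        by_src[src].append((sport, dst, dport, flags))

    hits = {}
    for src, rows in by_src.items():
        # Backscatter consists only of reply-type segments.
        if any(flags not in RESPONSE_FLAGS for _, _, _, flags in rows):
            continue
        sports = {r[0] for r in rows}
        dsts = {r[1] for r in rows}
        # Few source ports (the attacked service), many unrelated destinations.
        if len(dsts) >= min_dsts and len(sports) <= max_sports:
            hits[src] = {
                "src_ports": sorted(sports),
                "dst_count": len(dsts),
                "dst_ports": sorted({r[2] for r in rows}),
            }
    return hits

if __name__ == "__main__":
    known = {("198.51.100.5", "192.0.2.50", 80)}
    for ip, info in find_backscatter(make_sample(), known).items():
        print(ip, info)
```
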