[unisog] Interesting traffic

Paul Dokas dokas at cs.umn.edu
Fri Feb 6 16:11:07 GMT 2004


On Fri, 6 Feb 2004 09:29:40 -0500 "Asadoorian, Paul D" <Paul_Asadoorian at brown.edu> wrote:
> This traffic started on my network on Feb. 2nd, at 7:00AM EST STD time.
> They all originate from 202.109.129.203, all with a source port of 6667
> TCP, the destination is my entire class B on TCP ports 1024 and 3072.
> All packets are RST/ACK.  Anyone else seeing this IP hitting their
> network?  Looks like someone is spoofing our address space, and I have
> confirmed that at least one other University is seeing this.

Looks like backscatter from someone doing a spoofed source SYN flood on
202.109.129.203.  I see similar types of traffic from time to time.

Paul
-- 
Paul Dokas                                            dokas at cs.umn.edu
======================================================================
Don Juan Matus:  "an enigma wrapped in mystery wrapped in a tortilla."



More information about the unisog mailing list