[unisog] Interesting traffic

Gary Flynn flynngn at jmu.edu
Fri Feb 6 17:27:37 GMT 2004

Asadoorian, Paul D wrote:

> This traffic started on my network on Feb. 2nd, at 7:00AM EST STD time.
> They all originate from, all with a source port of 6667
> TCP, the destination is my entire class B on TCP ports 1024 and 3072.
> All packets are RST/ACK.  Anyone else seeing this IP hitting their
> network?  Looks like someone is spoofing our address space, and I have
> confirmed that at least one other University is seeing this.

See it here too. I see traffic similar to this quite often
from both port 80 and 6667. I figured it was stuff like


Gary Flynn
Security Engineer - Technical Services
James Madison University

More information about the unisog mailing list