[unisog] private IP's and tcp 42999

Fred Portnoy fportnoy at mail.plymouth.edu
Sat May 8 13:47:09 GMT 2004


I'm still working on details here but has anyone seen a sequence like this
which I have captured from the inside interface our firewall; the first
packet is allowed through the firewall inbound, the second with a foreign
source address and a disallowed destination address will be stopped outbound
when it reaches the firewall; is "localhostaddress.edu" infected with
something known?

...snip
09:14:31.726773 outsidehostaddress.net.4114 > localhostaddress.edu.42999: S
65206546:65206546(0) win 8192 <mss 1452,nop,nop,sackOK> (DF)
09:14:31.728469 outsidehostaddress.net.4114 > 192.168.0.2.42999: S
65206546:65206546(0) win 8192 <mss 1452,nop,nop,sackOK> (DF)
snip....

thanks

-fp




More information about the unisog mailing list