[unisog] private IP's and tcp 42999
r.fulton at auckland.ac.nz
Sun May 9 00:21:22 GMT 2004
On Sun, 2004-05-09 at 01:47, Fred Portnoy wrote:
> I'm still working on details here but has anyone seen a sequence like this
> which I have captured from the inside interface our firewall; the first
> packet is allowed through the firewall inbound, the second with a foreign
> source address and a disallowed destination address will be stopped outbound
> when it reaches the firewall;
Ummm... do you have information about the direction of the packets
(incoming or outgoing)? I don't see how both of these packets can be
going in the same direction so I assume that the first is incoming and
the second is outgoing. If this is the case I can't imagine what its
the short answer to your first question is "No" ;) but it certainly is
intriguing, it looks as if the packet has been redirected to
> is "localhostaddress.edu" infected with
> something known?
or possibly misconfigured or just buggy?
Russell Fulton /~\ The ASCII
Network Security Officer \ / Ribbon Campaign
The University of Auckland X Against HTML
New Zealand / \ Email!
More information about the unisog