[unisog] private IP's and tcp 42999

Russell Fulton r.fulton at auckland.ac.nz
Sun May 9 00:21:22 GMT 2004


On Sun, 2004-05-09 at 01:47, Fred Portnoy wrote:
> I'm still working on details here but has anyone seen a sequence like this
> which I have captured from the inside interface our firewall; the first
> packet is allowed through the firewall inbound, the second with a foreign
> source address and a disallowed destination address will be stopped outbound
> when it reaches the firewall;

Ummm... do you have information about the direction of the packets
(incoming or outgoing)?  I don't see how both of these packets can be
going in the same direction so I assume that the first is incoming and
the second is outgoing.  If this is the case I can't imagine what its 
purpose is.

the short answer to your first question is "No" ;) but it certainly is
intriguing, it looks as if the packet has been redirected to
192.168.0.2. 

>  is "localhostaddress.edu" infected with
> something known?

or possibly misconfigured or just buggy? 

-- 
Russell Fulton                                    /~\  The ASCII
Network Security Officer                          \ /  Ribbon Campaign
The University of Auckland                         X   Against HTML
New Zealand                                       / \  Email!





More information about the unisog mailing list