[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Gratuitous syn/ack

Subject: Gratuitous syn/ack
From: randy_94108 at yahoo.com (Randy)
Date: Thu, 11 Nov 2010 20:16:04 -0800 (PST)
In-reply-to: <[email protected]>

--- On Thu, 11/11/10, Joel Esler <joel.esler at me.com> wrote:

> From: Joel Esler <joel.esler at me.com>
> Subject: Re: Gratuitous syn/ack
> To: "Pete Carah" <pete at altadena.net>
> Cc: "nanog at nanog.org" <nanog at nanog.org>
> Date: Thursday, November 11, 2010, 5:03 PM
> I am betting backscatter.? 
> 
> 
> Sent from my iPhone
> 
> On Nov 11, 2010, at 5:31 PM, Pete Carah <pete at altadena.net>
> wrote:
> 
> > I'm seeing a significant number (about 1/minute 24
> hr/day) of syn/ack
> > packets coming from port 80 of random addresses to
> random ports on my
> > nameserver and a few other systems.? This isn't
> enough traffic to be
> > really annoying, but is curious.
> > 
> > I wonder if the simple explanation (backscatter from
> syn floods with
> > spoofed source addresses) is more likely, or if there
> are some probing
> > techniques in "normal" use that use these packets (one
> could accomplish
> > a traceroute using port 80 packets in either
> direction...)
> > 
> > -- Pete



...or script kiddies port-scanning - sending a syn-ack to a non-existent session expecting a RST back.
./Randy

References:
- Gratuitous syn/ack
  - From: joel.esler at me.com (Joel Esler)

Prev by Date: Low end, cool CPE.
Next by Date: Ciscos, BGP, L2TPV3 pseudowires and loopback IPs
Previous by thread: Gratuitous syn/ack
Next by thread: fiber / patch equipment suppliers
Index(es):
- Date
- Thread