[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] attackalert Unknown Type
- Subject: Re: [cobalt-security] attackalert Unknown Type
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Thu, 24 Jan 2002 23:40:23 +0100
- Organization: Stauber Multimedia Design
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Kai,
> Flags: SYN: 1 FIN: 1 ACK: 0 PSH: 0 URG: 0 RST: 0
What is unusual here is that both the ACK and the FIN flags were set. This
never happens during a regular TCP/IP connection.
So someone was most likely sending manually crafted packets your way, or
using some kind of security auditing tool.
I don't want to bore you with the details. If you're interested you can read
them up here:
http://www.cs.cornell.edu/courses/cs414/2001SP/lectures/TCPIP.pdf
--
With best regards,
Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer