[Snort-users] Possible network mapping?

shawn . moyer shawn at ...1184...
Thu Mar 1 11:43:23 EST 2001

Dr SuSE wrote:
> Has anyone seen this type of traffic before?  There never was a three way
> handshake between my machine at and which resolves to
> orb-cache2.starmedia.com
> I'm assuming it might be a forged packet sent to solicit a response, i.e. the TCP
> reset reply from my machine.

Nmap has the ability to do ACK scanning (-sA), so I'd say it's possible.

It's also possible that someone was SYN scanning and using a list of
spoofed hosts to obfuscate logs and yours was one of them and this was
the response packet back. :)

Also, by the hostname, I wonder if this is a misconfigured web proxy
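
The two explanations offered in this reply (an ACK scan, or a reply to someone else's spoofed SYN) can be separated by the TCP flags of the segment that arrives without a handshake. The following is an added example, not part of the original message; the packet record layout, the function name and the sample addresses are assumptions constructed for illustration.

```python
from collections import namedtuple

# Hypothetical record layout: direction is "in"/"out" relative to the monitored host,
# flags is a string of TCP flag letters such as "S", "SA", "A", "R", "RA".
Pkt = namedtuple("Pkt", "direction src dst sport dport flags")

def classify_stateless(packets):
    """Return (packet, verdict) for inbound segments that belong to no observed handshake."""
    known = set()  # (remote_ip, remote_port, local_port) of flows with a SYN on record
    findings = []
    for p in packets:
        flags = frozenset(p.flags)
        if p.direction == "out":
            if flags == {"S"}:                      # we opened the connection
                known.add((p.dst, p.dport, p.sport))
            continue
        key = (p.src, p.sport, p.dport)
        if flags == {"S"}:                          # peer opened the connection
            known.add(key)
            continue
        if key in known:
            continue                                # segment of a tracked flow
        if flags == {"A"}:
            verdict = "ack-probe"       # bare ACK, no SYN either way: fits an ACK scan
        elif flags == {"S", "A"} or "R" in flags:
            verdict = "backscatter"     # reply to a SYN we never sent: our address was spoofed
        else:
            verdict = "other"
        findings.append((p, verdict))
    return findings

# Constructed sample traffic (documentation address ranges, not from the original post).
SAMPLE = [
    Pkt("out", "10.0.0.5", "192.0.2.10", 40000, 80, "S"),
    Pkt("in", "192.0.2.10", "10.0.0.5", 80, 40000, "SA"),    # normal handshake reply
    Pkt("out", "10.0.0.5", "192.0.2.10", 40000, 80, "A"),
    Pkt("in", "198.51.100.7", "10.0.0.5", 80, 1234, "A"),    # ACK with no handshake
    Pkt("in", "203.0.113.9", "10.0.0.5", 8080, 5555, "SA"),  # SYN/ACK nobody asked for
]

if __name__ == "__main__":
    # Caveat: a flow whose handshake predates the capture also looks stateless here.
    for pkt, verdict in classify_stateless(SAMPLE):
        print(f"{pkt.src}:{pkt.sport} -> :{pkt.dport} [{pkt.flags}] {verdict}")
```
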

