[Snort-users] Possible network mapping?
shawn . moyer
shawn at ...1184...
Thu Mar 1 11:43:23 EST 2001
Dr SuSE wrote:
> Has anyone seen this type of traffic before? There never was a three way
> handshake between my machine at 22.214.171.124 and 126.96.36.199 which resolves to
> I'm assuming it might be a forged packet sent to solicit a response ie the tcp
> reset reply from my machine.
Nmap has the ability to do ACK scanning (-sA), so I'd say it's possible.
It's also possible that someone was SYN scanning and using a list of
spoofed hosts to obfuscate logs and yours was one of them and this was
the response packet back. :)
Also, by the hostname, I wonder if this is a misconfigured web proxy
More information about the Snort-users