[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200405281313.i4SDDps6066510@mailserver2.hushmail.com>
From: full-disclosure at nym.hush.com (full-disclosure@....hush.com)
Subject: Odd packet?
>Ok. It seems the case described. A spoofed packet with your
>IP as the source tries to connect to the compromised machine
>to port 80 at localhost. The compromised machine doesn't have a
>webserver listening at 127.0.0.1:80 so the tcp stack replyes
>ACK RST and sends this packet to your spoofed address.
Unlikely. If this were the case, the server would reply with RST, not
RST, ACK. There's too little information to come to any conclusion at
this point.
Powered by blists - more mailing lists