[132039] in North American Network Operators' Group

Re: Gratuitous syn/ack

daemon@ATHENA.MIT.EDU (Joel Esler)
Thu Nov 11 20:05:16 2010

In-reply-to: <4CDC6EA8.8050300@altadena.net>
From: Joel Esler <joel.esler@me.com>
Date: Thu, 11 Nov 2010 20:03:41 -0500
To: Pete Carah <pete@altadena.net>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

I am betting backscatter.  


Sent from my iPhone

On Nov 11, 2010, at 5:31 PM, Pete Carah <pete@altadena.net> wrote:

> I'm seeing a significant number (about 1/minute 24 hr/day) of syn/ack
> packets coming from port 80 of random addresses to random ports on my
> nameserver and a few other systems.  This isn't enough traffic to be
> really annoying, but is curious.
> 
> I wonder if the simple explanation (backscatter from syn floods with
> spoofed source addresses) is more likely, or if there are some probing
> techniques in "normal" use that use these packets (one could accomplish
> a traceroute using port 80 packets in either direction...)
> 
> -- Pete
> 
> 
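Added example (not part of the original thread): one way to separate the SYN/ACKs described above from ordinary replies is to flag inbound SYN/ACKs that match no SYN the host itself sent. It assumes a `tcpdump -n` text capture covering both directions; the `LOCAL` address, the sample lines, and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in `tcpdump -n` text format (documentation address ranges).
LOCAL = "192.0.2.53"  # assumed address of the host being watched
SAMPLE = """\
12:00:01.000000 IP 192.0.2.53.51000 > 203.0.113.10.80: Flags [S], seq 100, win 65535, length 0
12:00:01.020000 IP 203.0.113.10.80 > 192.0.2.53.51000: Flags [S.], seq 900, ack 101, win 5840, length 0
12:01:07.000000 IP 198.51.100.7.80 > 192.0.2.53.41822: Flags [S.], seq 1, ack 2, win 5840, length 0
12:02:11.000000 IP 198.51.100.99.80 > 192.0.2.53.6313: Flags [S.], seq 3, ack 4, win 5840, length 0
12:03:02.000000 IP 198.51.100.7.80 > 192.0.2.53.41822: Flags [S.], seq 1, ack 2, win 5840, length 0
"""

LINE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def unsolicited_synacks(text, local=LOCAL):
    """Return (src, sport, local_port) for inbound SYN/ACKs answering no SYN we sent."""
    pending = set()  # (local_port, remote_ip, remote_port) of our outbound SYNs
    hits = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an IPv4 TCP line in the expected format
        src, dst, flags = m["src"], m["dst"], m["flags"]
        sport, dport = int(m["sport"]), int(m["dport"])
        if src == local and flags == "S":
            pending.add((sport, dst, dport))
        elif dst == local and flags == "S." and (dport, src, sport) not in pending:
            hits.append((src, sport, dport))
    return hits

def summarize(hits):
    """Count hits per remote source port and per flow (a flow count > 1 means it was seen again)."""
    by_sport = Counter(sport for _, sport, _ in hits)
    by_flow = Counter(hits)
    return by_sport, by_flow

if __name__ == "__main__":
    by_sport, by_flow = summarize(unsolicited_synacks(SAMPLE))
    print(by_sport.most_common(), by_flow.most_common(), sep="\n")
```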

