Re: Very Strange - TCP SWEEP Alerts / Inconsistent with traffic on system

2010-06-27 Thread John Kristoff
On Sun, 27 Jun 2010 17:22:51 -0400 (EDT) khatfi...@socllc.net wrote:
> Here is an example report we received from AT&T:
> 04:29:27 x.x.x.x 0.0.0.0 [TCP-SWEEP]
> (total=23,dp=1024,min=212.1.185.6,max=212.1.191.127,Jun27-04:21:01,Jun27-04:29:26)
> (USI-amsxaid01) 04:29:27 x.x.x.x 0.0.0.0 [TCP-SWEEP]

Re: Very Strange - TCP SWEEP Alerts / Inconsistent with traffic on system

2010-06-27 Thread khatfield
m: "Matt Hite"
Sent: Sunday, June 27, 2010 5:36pm
To: khatfi...@socllc.net
Cc: nanog@nanog.org
Subject: Re: Very Strange - TCP SWEEP Alerts / Inconsistent with traffic on system

Hi Kevin,

Someone may want to throw RST traffic your way by spoofing their own source (as you) and machine gun

Re: Very Strange - TCP SWEEP Alerts / Inconsistent with traffic on system

2010-06-27 Thread Matt Hite
Hi Kevin,

Someone may want to throw RST traffic your way by spoofing their own source (as you) and machine gunning TCP ACK or SYN packets to Internet hosts such as this AT&T customer. Just a nice way of throwing traffic at you in a fairly undetectable manner.

Just a guess,

-M

On Sun, Jun 27, 20