I got this article from SANS. This is about TCP packet analysis. The analysis said that scan maybe to probe firewall configuration, but it seem the level of crafting involved would be overkilled. I'm still new in packet analysis. I think i sould improve my knowledge aabout TCP packet attack.
http://isc.sans.org/diary.html?storyid=2328
Friday, March 02, 2007
Subscribe to:
Post Comments (Atom)
Posts
3 comments:
I think Richard Bejtlich did mention regarding this incidents in his blog and I tend to agree. 1st, the so called "attacker" is mereley replying to the source (notice the SYN.ACK flags?) It just answering syn packet from the source. Also another way is by asking the owner of the "attacker". He might give an appropriate answer.
John,
please read this.
Thanks Ayoi and Richard!!
Post a Comment