Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: Data in SYN Packets
From: Justin Klein Keane <jukeane () SAS UPENN EDU>
Date: Mon, 26 Mar 2007 15:35:25 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Could that possibly be part of an effort to tunnel through DNS?

ref:  http://slashdot.org/article.pl?sid=00/09/10/2230242

- --
Justin C. Klein Keane

Sr. Programmer Analyst
University of Pennsylvania
School of Arts and Sciences Computing
Institutional Research and Application Development
3600 Market St.
Room 512
Philadelphia, PA 19104
215.898.0236(p)
215.573.3166(f)



Mike Hanson wrote:
Hello,

In our IPS log I see the following entry *TCP C2S Ambiguity: Data in
SYN Packet* daily directed towards our DNS server. These packets are
coming from four or so different addresses in China.  I did a brief
Google search with results being a few or more years old. A couple of
the posts reported the same *Data in SYN Packet* with the
originating addresses also from China.

Can anybody shed light on this?

Thank you very much.




Mike Hanson
Network Security Manager
The College of St. Scholastica
Duluth, MN 55811

 ( mailto:n () css edu )

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)

iD8DBQFGCCB9R4a3EW2yjlQRAur4AJ0au9h5EkNpVdx0kHdpgaoFEFFNrwCePLXr
Y1EZr02ACVowJyxqAVTZm2A=
=6cA6
-----END PGP SIGNATURE-----

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault