Educause Security Discussion
mailing list archives
Re: Data in SYN Packets
From: "Gibson, Nathan J. (HSC)" <Nathan-Gibson () OUHSC EDU>
Date: Mon, 26 Mar 2007 14:53:02 -0500
It could be that a different O/S could use this information. It may be a packet that could cause malicious attacks on a
different platform but your machine sees it as a "corrupt" packet because it carries extra data and drops it.
Nathan J. Gibson, CISSP
Information Technology, Information Security Services
University of Oklahoma Health Sciences Center
Rogers Building, Room 128
Office: (405) 271-2476
Fax: (405) 271-2181
Cell: (405) 397 5134
From: Mike Hanson [mailto:MHanson () CSS EDU]
Sent: Monday, March 26, 2007 2:25 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Data in SYN Packets
In our IPS log I see the following entry *TCP C2S Ambiguity: Data in
SYN Packet* daily directed towards our DNS server. These packets are
coming from four or so different addresses in China. I did a brief
Google search with results being a few or more years old. A couple of
the posts reported the same *Data in SYN Packet* with the
originating addresses also from China.
Can anybody shed light on this?
Thank you very much.
Network Security Manager
The College of St. Scholastica
Duluth, MN 55811