The Boston Diaries

The ongoing saga of a programmer who doesn't live in Boston, nor does he even like Boston, but yet named his weblog/journal “The Boston Diaries.”

Go figure.

Tuesday, June 13, 2000

What a strange attack this is …

Watching monnet again I see some odd activity coming from an IP address. Random TCP packets with the Reset bit set to random TCP ports on my primary machine. I try to trace back the connection and it goes nowhere, so the source address seems to be forged.

I might have to talk to my upstream provider on what to do.

New net-based attack?

In looking closer at the forged TCP packets I'm getting, I'm wondering if this is some very subtle attack going on.

The sequence I'm seeing is a TCP packet from the forged address with the FINISH flag set. My system then tries to repond to the packet (why? It's not a valid connection to begin with) but the data it sends back contains garbage from previous IP packets, not neccessarily just other TCP packets.

Now, could it be that somewhere along the path some host's NIC is in promiscuous mode and can read the packets, and with a long enough sample of data, might be able to determine information from the partial garbage packets sent back? For instance, I'm seeing my system send back garbage packets with part of my SNMP community string.

Obligatory Picture

[It's the most wonderful time of the year!]

Obligatory Contact Info

Obligatory Feeds

Obligatory Links

Obligatory Miscellaneous

You have my permission to link freely to any entry here. Go ahead, I won't bite. I promise.

The dates are the permanent links to that day's entries (or entry, if there is only one entry). The titles are the permanent links to that entry only. The format for the links are simple: Start with the base link for this site: https://boston.conman.org/, then add the date you are interested in, say 2000/08/01, so that would make the final URL:

https://boston.conman.org/2000/08/01

You can also specify the entire month by leaving off the day portion. You can even select an arbitrary portion of time.

You may also note subtle shading of the links and that's intentional: the “closer” the link is (relative to the page) the “brighter” it appears. It's an experiment in using color shading to denote the distance a link is from here. If you don't notice it, don't worry; it's not all that important.

It is assumed that every brand name, slogan, corporate name, symbol, design element, et cetera mentioned in these pages is a protected and/or trademarked entity, the sole property of its owner(s), and acknowledgement of this status is implied.

Copyright © 1999-2023 by Sean Conner. All Rights Reserved.