In looking closer at the forged TCP packets I'm getting, I'm
wondering if this is some very subtle attack going on.
The sequence I'm seeing is a TCP packet from the forged address
with the FINISH flag set. My system then tries to repond to the
packet (why? It's not a valid connection to begin with) but the data it
sends back contains garbage from previous IP packets, not
neccessarily just other TCP packets.
Now, could it be that somewhere along the path some host's NIC is in
promiscuous mode and can read the packets, and with a long enough sample of
data, might be able to determine information from the partial garbage
packets sent back? For instance, I'm seeing my system send back garbage
packets with part of my SNMP community string.
Obligatory Contact Info
You have my permission to link freely to any entry here. Go
ahead, I won't bite. I promise.
The dates are the permanent links to that day's entries (or
entry, if there is only one entry). The titles are the permanent
links to that entry only. The format for the links are
simple: Start with the base link for this site: https://boston.conman.org/, then add the date you are
interested in, say 2000/08/01,
so that would make the final URL:
You can also specify the entire month by leaving off the day
portion. You can even select an arbitrary portion of time.
You may also note subtle shading of the links and that's
intentional: the “closer” the link is (relative to the
page) the “brighter” it appears. It's an experiment in
using color shading to denote the distance a link is from here. If
you don't notice it, don't worry; it's not all that
It is assumed that every brand name, slogan, corporate name,
symbol, design element, et cetera mentioned in these pages is a
protected and/or trademarked entity, the sole property of its
owner(s), and acknowledgement of this status is implied.