Firewalls: Re: Hoo Dat and sniffer log

Firewalls
(February 1996)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Hoo Dat and sniffer log
From:	Barney Wolff <barney @ databus . com>
Date:	Mon, 12 Feb 96 18:21 EST
To:	firewalls @ GreatCircle . com

>Date: Sun, 11 Feb 1996 14:10:49 -0500 (EST)
>From: Sick Puppy <sikpuppy @
 maestro .
 com>
>
>Others: Please don't tell me these guys are trying to just send
>mail.  They just happened to be hitting port 25 at that time.

Looks to me as though 203.241.159.180 (which is something in Samsung)
thinks *you're* trying to send mail.  Perhaps somebody sent them
a tcp.syn with your (spoofed) IP address.  In any case, your
resets are not getting to them, so they re-transmit their syn/ack.
Traceroute works from me to that address, so why aren't your resets
getting through?

What's arcane about sniffing with a real Sniffer(tm)?

Barney Wolff  <barney @
 databus .
 com>

Indexed By Date	Previous:	Firewall-1 Version Comparison From: Graham Jose <gjose @ mecx05 . colesmyer . com . au>
Indexed By Date	Next:	[no subject] From: Tham Huei Hwan <Tham . Huei . Hwan @ bass . com . my>
Indexed By Thread	Previous:	Re: Hoo Dat and sniffer log From: Sick Puppy <sikpuppy @ maestro . com>
Indexed By Thread	Next:	Gauntlet 3.1 Packet Filter? From: sengle @ hti . net (Steven W. Engle)