Thu 5 Feb, 2004 07:32 pm
My Norton Internet Security just said my computer had been accessed in a manner characteristic of an "Invalid TCP Flag attack".
The tracker gave this info about the source:
IP no. (I think!) 64.70.54.44
adclst03.value click com
Cable and Wireless
ExCW
Cary NC
27511
It said this re such an "attack":
Invalid TCP Flags
Severity: Medium
This attack could pose a moderate security threat. It does not require immediate action.
Attack Category: Pre-Attack Probe
Pre-Attack probes gather information about a system necessary to launch an attack. A pre-attack probe signature might detect a UDP scan, for example, which an attacker could use to identify all live systems on a network.
Description
This attack signature detects TCP packets that have invalid combinations of flags in the TCP header, e.g. TCP packets that have both the FIN and RST bits set. This intrusion also detects packets that have the TCP reserved bits set.
False Positive
Certain Internet devices, typically routers, sometimes violate the specifications for TCP flags and set the reserved bits to 1.
___________________________________________________________
I assume this was the Norton being a nervous Nellie???? It has reason to be - my system just crashed! And Microsoft doesn't know why. lol
Just thought it was worth letting you know Craven - in case it actually WAS something odd from here.
Oh - A2k was just loading itself in my browser at the time - the only site that was on...
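The kind of check the Norton description above refers to, as an added example that is not part of the original thread and is not Norton's own code. The function names and sample headers are constructed for illustration; the SYN+FIN, SYN+RST and empty-flag checks go beyond the two conditions in the description, and the `ecn_aware` switch is an assumption added to show one way a strict reserved-bit check produces a false positive (RFC 3168 assigned two formerly reserved bits to ECN).

```python
import struct

# Flag bits in byte 13 of the TCP header
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR = (1 << i for i in range(8))

def build_header(flags, reserved=0, sport=40000, dport=80):
    """Build a 20-byte TCP header (constructed sample data, no options)."""
    off_res = (5 << 4) | (reserved & 0x0F)  # data offset = 5 words
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0,
                       off_res, flags, 8192, 0, 0)

def check_tcp_flags(header, ecn_aware=True):
    """Return the reasons a header's flag field is invalid ([] if none)."""
    if len(header) < 20:
        return ["truncated header"]
    off_res, flags = struct.unpack_from("!BB", header, 12)
    reasons = []
    reserved = off_res & 0x0F  # low nibble of byte 12 is reserved
    if not ecn_aware:
        # RFC 793 layout: the bits RFC 3168 later gave to ECN were reserved
        reserved |= flags & (ECE | CWR)
    if reserved:
        reasons.append("reserved bits set")
    if flags & FIN and flags & RST:  # the combination named in the description
        reasons.append("FIN+RST")
    if flags & SYN and flags & FIN:  # added beyond the description
        reasons.append("SYN+FIN")
    if flags & SYN and flags & RST:  # added beyond the description
        reasons.append("SYN+RST")
    if not flags & (FIN | SYN | RST | PSH | ACK | URG):
        reasons.append("no flags set")
    return reasons

if __name__ == "__main__":
    samples = {  # constructed headers, not captured traffic
        "normal SYN": build_header(SYN),
        "FIN+RST": build_header(FIN | RST),
        "reserved bit": build_header(ACK, reserved=0x4),
        "ECN SYN": build_header(SYN | ECE | CWR),
    }
    for name, hdr in samples.items():
        print(name, check_tcp_flags(hdr), check_tcp_flags(hdr, ecn_aware=False))
```

With `ecn_aware=False` the ECN-negotiating SYN is reported as having reserved bits set even though it is legitimate traffic, which is the kind of alert worth ruling out before treating a hit as a probe.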
Not a nervous Nellie but a dog bringing a stuffed animal and dropping it at your feet.
Yeah, it's hard to imagine it as anything but a false positive. But I'm going to look into it.
Thanks Craven....just didn't want to let it go if it WAS a problem...