Gratuitous syn/ack

Pete Carah pete at altadena.net
Thu Nov 11 22:31:04 UTC 2010


I'm seeing a significant number (about 1/minute 24 hr/day) of syn/ack
packets coming from port 80 of random addresses to random ports on my
nameserver and a few other systems.  This isn't enough traffic to be
really annoying, but is curious.

I wonder if the simple explanation (backscatter from syn floods with
spoofed source addresses) is more likely, or if there are some probing
techniques in "normal" use that use these packets (one could accomplish
a traceroute using port 80 packets in either direction...)

-- Pete





More information about the NANOG mailing list