Pat Riehecky wrote:
I am about 90% certain that I am not being scanned as a bunch of the
dropped packets are coming from places like the New York Times,
Microsoft, and Google. Admittedly they could be spoofed IP addresses,
but the packets are all coming from 80 or 443 and they are all destined
for TCP Ports in the ephemeral range. Additionally in my squid logs I
have a corresponding entry requesting data from that server.
Well... Read this:
http://www.hackinthebox.org/modules.php?op=modload&name=News&file=article&sid=10640&mode=thread&order=0&thold=0
The interesting part starts at *"Camouflaging your ip address"...*
All evidence I have points to some sort of conntrack timeout.
Occasionally I can find the IP addresses in the output from iptstate,
but...
Thanks for the ideas, any chance for more theories?
Pat
Swifty
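
The check Pat describes (source port 80 or 443, destination in the ephemeral range, and a matching squid request to that server) can be run over the logs mechanically. This is an added example, not part of the original thread; it assumes the drops are logged with the netfilter LOG target and that squid writes its native access.log format, and the sample lines, addresses and port range are constructed.

```python
import re

# Assumption: Linux default ephemeral range; check
# net.ipv4.ip_local_port_range on the proxy host.
EPHEMERAL = range(32768, 61000)
WEB_PORTS = {80, 443}

# Constructed sample data (documentation address ranges), not from the thread.
DROP_LOG = """\
Oct 13 09:10:55 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.10 DST=192.0.2.1 LEN=40 TTL=52 PROTO=TCP SPT=80 DPT=45012 WINDOW=0 ACK FIN URGP=0
Oct 13 09:11:02 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.1 LEN=40 TTL=49 PROTO=TCP SPT=443 DPT=51344 WINDOW=0 ACK RST URGP=0
Oct 13 09:11:30 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.99 DST=192.0.2.1 LEN=44 TTL=240 PROTO=TCP SPT=80 DPT=22 WINDOW=1024 SYN URGP=0
"""
SQUID_LOG = """\
1066036200.101 5120 10.0.0.5 TCP_MISS/200 18233 GET http://news.example/ - DIRECT/198.51.100.10 text/html
1066036215.734 880 10.0.0.8 TCP_MISS/200 4312 CONNECT mail.example:443 - DIRECT/192.0.2.200 -
"""

FIELD = re.compile(r"\b(SRC|SPT|DPT)=(\S+)")


def squid_peers(log):
    """IPv4 addresses squid fetched from directly (hierarchy field)."""
    return set(re.findall(r"DIRECT/(\d+\.\d+\.\d+\.\d+)", log))


def classify(drop_log, peers):
    """Label each dropped TCP packet using the heuristic from the thread."""
    results = []
    for line in drop_log.splitlines():
        f = dict(FIELD.findall(line))
        if "PROTO=TCP" not in line or not {"SRC", "SPT", "DPT"} <= f.keys():
            continue
        spt, dpt = int(f["SPT"]), int(f["DPT"])
        reply_shaped = spt in WEB_PORTS and dpt in EPHEMERAL
        if reply_shaped and f["SRC"] in peers:
            verdict = "late-reply"       # squid talked to this server
        elif reply_shaped:
            verdict = "unmatched-reply"  # reply-shaped, but no squid request seen
        else:
            verdict = "other"            # does not fit the web-reply pattern
        results.append((f["SRC"], spt, dpt, verdict))
    return results


if __name__ == "__main__":
    for row in classify(DROP_LOG, squid_peers(SQUID_LOG)):
        print(*row)
```

Packets labelled `late-reply` are consistent with the conntrack-timeout theory; `unmatched-reply` and `other` are the ones that still need another explanation.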