ACK RST to ports higher than 1024 showing up in firewall log

Over the last few days or so the following ip address (202.0.53.160) has
appeared with greater regularity in my firewall logs . Each time there seems
to be an ACK RST associated with the attempts at various ports on my
firewall though "his" source port always stays the same (1025).

I've not seen this show up in the logs before, any idea what's happening?

 

Yep. Someone is sending you ACK RSTs.
Try finding out "his" source IP. What is it?

 

In

Uh - duh. Try reading the post again.

--
Regards,

Matt B
~~~~~~~~~~~~~~~~~~~~~~
There are 10 types of people.
Those who get binary...
And those who don't.
~~~~~~~~~~~~~~~~~~~~~~

 

Yep. Someone is causing you ACK RSTs.
Try finding "his" IP address. What is it?

 

That IP address is registered to Telstra Clear (Paradise .net owners).

 

I already knew that its a paradise cable modem account, I just needed to
know what was causing the problem.

 

Are you blind?

 

Messenger service spam?
E.

 

They may be forged.

 

And again, re-read the post

 

Sigh! One idiot knows the answer to his own question (202.0.53.160)
and another one wants everyone to re-read the post.

 

In

No. OP asked "what's happening", and gave the apparent source IP. *You*
suggested he try to find the source IP; perhaps in your eagerness to help
you'd missed the OP's first sentence so *I* suggested you re-read it. You
then suggested that *I* was logging port scans and should try and find the
source IP, to which XPD suggested *you* re-read the original post.

OP hasn't IMHO exhibited any signs of idiocy, nobody has suggested everyone
re-read the post - however there _does_ seem to be one poster having trouble
with comprehension.

To the OP...

Search for "nastygram" or "Christmas tree packet" - might be the cause of
what you're seeing.


--
Regards,

Matt B
~~~~~~~~~~~~~~~~~~~~~~
There are 10 types of people.
Those who get binary...
And those who don't.
~~~~~~~~~~~~~~~~~~~~~~

 

snip

Thanks for the hint, but doesn't a nastygram involve having all the bits
set?. All I'm seeing is the ACK & RST with no SYN & FIN. Here's an example
of what I'm seeing:

00:03:32 SRC=202.0.53.160 DST=202.0.33.254 LEN=40 TOS=0x00 PREC=0x00 TTL=127
ID=51352 PROTO=TCP SPT=1025 DPT=1727 WINDOW=0 RES=0x00 ACK RST URGP=0

 

In

Yep

All I'm seeing is the ACK & RST with no SYN & FIN. Here's

Depends on your setup, by the looks...

http://www.google.com/search?q=ack+rst+-syn+-fin


--
Regards,

Matt B
~~~~~~~~~~~~~~~~~~~~~~
There are 10 types of people.
Those who get binary...
And those who don't.
~~~~~~~~~~~~~~~~~~~~~~