Rule 'TCP ack packet attack': Blocked: In TCP?

Archived from groups: comp.security.firewalls

Here are some records (from a lot) from my Kerio 2.1.5:
"
Rule 'TCP ack packet attack': Blocked: In TCP, quote-2c.bloomberg.com
[204.179.240.10:80]->localhost:1130, Owner: no owner
Rule 'TCP ack packet attack': Blocked: In TCP, quote-2c.bloomberg.com
[204.179.240.10:80]->localhost:1131, Owner: no owner
Rule 'TCP ack packet attack': Blocked: In TCP, quote-2c.bloomberg.com
[204.179.240.10:80]->localhost:1087, Owner: no owner
Rule 'TCP ack packet attack': Blocked: In TCP, quote-2c.bloomberg.com
[204.179.240.10:80]->localhost:1088, Owner: no owner
Rule 'TCP ack packet attack': Blocked: In TCP, quote-2c.bloomberg.com
[204.179.240.10:80]->localhost:1089, Owner: no owner
Rule 'TCP ack packet attack': Blocked: In TCP, quote-2c.bloomberg.com
[204.179.240.10:80]->localhost:1090, Owner: no owner
Rule 'TCP ack packet attack': Blocked: In TCP, quote-2c.bloomberg.com
[204.179.240.10:80]->localhost:1091, Owner: no owner
Rule 'TCP ack packet attack': Blocked: In TCP, quote-2c.bloomberg.com
[204.179.240.10:80]->localhost:1092, Owner: no owner
Rule 'TCP ack packet attack': Blocked: In TCP, quote-2c.bloomberg.com
[204.179.240.10:80]->localhost:1094, Owner: no owner
Rule 'TCP ack packet attack': Blocked: In TCP, quote-2c.bloomberg.com
[204.179.240.10:80]->localhost:1093, Owner: no owner
"
etc. etc.
What is 'quote-2c.bloomberg.com' trying to achieve?
Thanks for any education.
  1.

    > What is 'quote-2c.bloomberg.com' trying to achieve?
    > Thanks for any education.

    Google is your friend.

    http://www.networkmagazine.com/article/NMG20001130S0002

    Duane :)
  2.

    "Dr. Pastor" <elpX@adsihqX.com> wrote in news:gycnc.12634$V97.11921
    @newsread1.news.pas.earthlink.net:

    > Thank you Duane:
    > I have read the article but still do not
    > understand what Bloomberg wants.
    > Would you elaborate please?
    > Regards.
    >

    It's just a basic definition of the hand shake.

    http://www.isoc.org/HMP/PAPER/144/html/node5.html

    I don't know why a machine on the Bloomberg network is trying to make
    contact with your machine, other than the machine has been compromised
    and something on the machine is trying to run a DoS on your machine.

    The DoS means that if your computer was to respond it would be so tied up
    in responding to the requests, it would do nothing else but that and
    nothing you wanted it to do. You would have to turn the machine off to
    stop it.

    Kerio is stopping it. But keep in mind that Kerio and the O/S can get so
    involved in stopping the DoS requests; it's the same as if the requests
    made it all the way to the machine anyway.

    You're not doing any business with Bloomberg are you?

    Duane :)
  3.

    "Dr. Pastor" <elpX@adsihqX.com> wrote in
    news:wsfnc.12904$Hs1.10740@newsread2.news.pas.earthlink.net:

    > I got that always when/while connected to
    > http://www.bloomberg.com/
    > Also, I got similar attempts from
    > Charles Schwab Company (CyberTrader).
    > I would really wish to know what they
    > want to do.
    > (I do assume that everybody also got
    > similar things from bloomberg like I do.)
    > Many thanks again.

    Obviously, while making contact with those sites, something was placed on
    the machine possibly that is initiating the contact.

    If you want to know what is happening, then you should make contact with
    the Webmaster at each site and discuss the issue with them instead of
    trying to guess at it or have someone guess for you.

    Those are legit businesses and I don't think they are particularly doing
    anything underhanded. But you never know. :)

    Each site should have a link that allows you to email the Webmaster or
    make contact with a representative to discuss the issue.

    Duane :)
  4.

    "Dr. Pastor" <elpX@adsihqX.com> wrote news:V6anc.12452$Hs1.8762
    @newsread2.news.pas.earthlink.net

    > Here are some records (from a lot) from my Kerio 2.1.5:


    > Rule 'TCP ack packet attack': Blocked: In TCP, quote-2c.bloomberg.com
    > [204.179.240.10:80]->localhost:1130, Owner: no owner

    <snip>

    > etc. etc.
    > What is 'quote-2c.bloomberg.com' trying to achieve?
    > Thanks for any education.
    >


    Let's see... it's a TCP ack packet from source port 80 (www), to a high
    numbered (>1024) local port, from a machine running a web server.

    Looks like you made an HTTP request, and they're trying to return it.
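
The reading in the last answer (source port 80, high-numbered local port), applied to the log format from the question, as an added example that is not part of the original thread. The function names and the last sample record are constructed here; a match is a heuristic for reply traffic, not proof of it.

```python
import re
from collections import defaultdict

# Record layout as shown in the quoted Kerio 2.1.5 lines; \s+ tolerates the
# line wrap between the host name and the bracketed address.
RECORD = re.compile(
    r"Rule '(?P<rule>[^']+)': Blocked: (?P<dir>\w+) (?P<proto>\w+), "
    r"(?P<host>\S+)\s+\[(?P<ip>[\d.]+):(?P<sport>\d+)\]->localhost:(?P<dport>\d+)"
)

# First four records are from the post; the last one is constructed for contrast.
SAMPLE_LOG = """\
Rule 'TCP ack packet attack': Blocked: In TCP, quote-2c.bloomberg.com [204.179.240.10:80]->localhost:1130, Owner: no owner
Rule 'TCP ack packet attack': Blocked: In TCP, quote-2c.bloomberg.com [204.179.240.10:80]->localhost:1131, Owner: no owner
Rule 'TCP ack packet attack': Blocked: In TCP, quote-2c.bloomberg.com [204.179.240.10:80]->localhost:1087, Owner: no owner
Rule 'TCP ack packet attack': Blocked: In TCP, quote-2c.bloomberg.com [204.179.240.10:80]->localhost:1088, Owner: no owner
Rule 'TCP ack packet attack': Blocked: In TCP, host.example [192.0.2.77:3456]->localhost:445, Owner: no owner
"""

def parse(log_text):
    """Return one dict per record found; text that does not match is skipped."""
    records = []
    for m in RECORD.finditer(log_text):
        rec = m.groupdict()
        rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
        records.append(rec)
    return records

def looks_like_web_reply(rec):
    """Inbound TCP from server port 80 to a local port above 1024: the
    pattern the last answer reads as the return half of an HTTP request."""
    return (rec["dir"] == "In" and rec["proto"] == "TCP"
            and rec["sport"] == 80 and rec["dport"] > 1024)

def summarize(log_text):
    """Group records by remote (ip, source port) and report what was seen."""
    groups = defaultdict(list)
    for rec in parse(log_text):
        groups[(rec["ip"], rec["sport"])].append(rec)
    return {
        key: {
            "host": recs[0]["host"],
            "count": len(recs),
            "local_ports": sorted(r["dport"] for r in recs),
            "web_reply_pattern": all(looks_like_web_reply(r) for r in recs),
        }
        for key, recs in groups.items()
    }
```
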