Port 80 SYN packets arrived singly and in triples to my dial-up Linux box. I captured some in tcpdump format:

http://www.cstone.net/~lmf1t/codered/0718at_private
http://www.cstone.net/~lmf1t/codered/0719at_private
http://www.cstone.net/~lmf1t/codered/0719at_private

Lindsay

Ryan Russell wrote:

>On Fri, 20 Jul 2001, Dean Cunningham wrote:
>
>> Looks like code red , but not seeing the 3 hits per ip address, just one.
>> May be due to the different FW logs, I use Firewall-1.
>>
>
>I was getting three SYN packets per attempt. For simple port-blocking
>firewalls, they may log it as three entries. Firewall-1 will treat it as
>one "connection" attempt, and log it as a single item.
>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Jul 22 2001 - 17:37:57 PDT
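
The logging difference discussed in the thread above (three SYN entries from a simple port-blocking filter versus one "connection" entry from a stateful firewall) can be reconciled when comparing per-source hit counts. This is an added example, not part of the original messages: the tuple log format, the 10-second merge window and the sample entries are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (seconds, src_ip, src_port, dst_ip, dst_port), one tuple per
# SYN as a simple port-blocking filter might log it. Addresses are documentation
# ranges; the 3 s / 6 s gaps are an assumed retransmission pattern.
SAMPLE_SYNS = [
    (0.0, "198.51.100.7", 3412, "192.0.2.10", 80),
    (3.0, "198.51.100.7", 3412, "192.0.2.10", 80),   # retransmitted SYN
    (9.0, "198.51.100.7", 3412, "192.0.2.10", 80),   # retransmitted SYN
    (2.5, "203.0.113.44", 1290, "192.0.2.10", 80),   # single SYN, no retries seen
    (40.0, "198.51.100.7", 3413, "192.0.2.10", 80),  # new source port: new attempt
    (43.0, "198.51.100.7", 3413, "192.0.2.10", 80),
]

def collapse_syns(entries, max_gap=10.0):
    """Merge SYNs that share a 4-tuple and arrive within max_gap seconds of the
    previous SYN into one connection attempt.
    Returns a list of {flow, first_seen, syn_count}, ordered by first_seen."""
    by_flow = defaultdict(list)
    for ts, src, sport, dst, dport in entries:
        by_flow[(src, sport, dst, dport)].append(ts)
    attempts = []
    for flow, stamps in by_flow.items():
        stamps.sort()
        start, last, count = stamps[0], stamps[0], 1
        for ts in stamps[1:]:
            if ts - last <= max_gap:
                count += 1          # same attempt, just a retransmission
            else:
                attempts.append({"flow": flow, "first_seen": start, "syn_count": count})
                start, count = ts, 1
            last = ts
        attempts.append({"flow": flow, "first_seen": start, "syn_count": count})
    return sorted(attempts, key=lambda a: a["first_seen"])

def per_source_summary(entries, max_gap=10.0):
    """Map src_ip -> (raw SYN log entries, collapsed connection attempts)."""
    raw, collapsed = defaultdict(int), defaultdict(int)
    for entry in entries:
        raw[entry[1]] += 1
    for attempt in collapse_syns(entries, max_gap):
        collapsed[attempt["flow"][0]] += 1
    return {src: (raw[src], collapsed[src]) for src in raw}

if __name__ == "__main__":
    for src, (n_raw, n_att) in sorted(per_source_summary(SAMPLE_SYNS).items()):
        print(f"{src}: {n_raw} log entries, {n_att} connection attempt(s)")
```

Counting collapsed attempts rather than raw entries puts per-packet logs and per-connection logs on the same footing before comparing "hits per IP address" between sites.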