Re: Possible DoS Attack?

From: Glenn Forbes Fleming Larratt (glrattat_private)
Date: Mon Dec 10 2001 - 10:53:48 PST

Next message: Markus Friedl: "Re: Voluminous SSHd scanning; possible worm activity?"

Previous message: Armando Ortiz: "Re: Voluminous SSHd scanning; possible worm activity?"
In reply to: Jonathan A. Zdziarski: "Possible DoS Attack?"
Next in thread: Jacques Bourdeau: "Re: Possible DoS Attack?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

It could be a filesharing program - server on a low ephemeral port,
clients use well-known ports as source ports to steer around blocking.

	-g

On Mon, 10 Dec 2001, Jonathan A. Zdziarski wrote:

> I normally disregard scans, however this particular scan doesn't look like a
> conventional port scan, and it happened around the same time the machine
> went down.  It looks like their source port is changing, but the target port
> on our machine is only changed periodically.  Could this have been a DoS
> attack?
-- 
Glenn Forbes Fleming Larratt         The Lab Ratt (not briggs :-)
glrattat_private                        http://www.io.com/~glratt
There are imaginary bugs to chase in heaven.


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Markus Friedl: "Re: Voluminous SSHd scanning; possible worm activity?"
Previous message: Armando Ortiz: "Re: Voluminous SSHd scanning; possible worm activity?"
In reply to: Jonathan A. Zdziarski: "Possible DoS Attack?"
Next in thread: Jacques Bourdeau: "Re: Possible DoS Attack?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Dec 10 2001 - 15:22:15 PST