Hello, all. I found lots of port 0 traffic from various conuntry these days like this. [**] [1:524:5] BAD TRAFFIC tcp port 0 traffic [**] [Classification: Misc activity] [Priority: 3] 04/27-05:55:01.306781 65.57.56.46:0 -> 211.1.x.x:6588 TCP TTL:112 TOS:0x0 ID:464 IpLen:20 DgmLen:40 DF ******S* Seq: 0x95AF4 Ack: 0x0 Win: 0x200 TcpLen: 20 is there any special way or tool to use port 0 in order to scan? and what's the meaning about this scan? [**] [116:55:1] (snort_decoder): Truncated Tcp Options [**] 04/26-23:51:08.004547 211.230.86.34:0 -> 211.1.x.x:0 TCP TTL:120 TOS:0x0 ID:38672 IpLen:20 DgmLen:48 DF ******S* Seq: 0xD563D9DB Ack: 0x0 Win: 0x4000 TcpLen: 28 the source port and dest port is 0 alike. Thanks in advance. _________________________________________________________________ °í.. °¨.. µµ.. »ç.. ¶û.. ¸¸.. µé.. ±â.. MSN ·¯ºê http://www.msn.co.kr/love/ ---------------------------------------------------------------------------- Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. http://www.securityfocus.com/BlackHat-incidents ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Mon Apr 28 2003 - 10:15:21 PDT