Re: Port 0 packets

From: Russell Harding (hardingrat_private)
Date: Wed Jul 23 2003 - 11:26:45 PDT

    Hello,
    
      It may be noteworthy that nmap recently (March, 2003) included port 0
    support in nmap-3.20.
    
      Perhaps these are part of port scanning or other probing?
    
    Additionally, Back Orifice 2000's default tcp port is port 0 as well.
            (http://vil.nai.com/vil/content/v_10229.htm)
    
      Perhaps they are probing for this?
    
    I would imagine unless you run one of the _few_ devices affected by
    crashing on port 0 packets, you are not the victim of a DoS.
    
           -Russell
    
    P.S. are they udp or tcp or otherwise?
    
    On Wed, 23 Jul 2003, Stuart wrote:
    
    > Hi,
    >
    > After currently reviewing firewall logs from ISA server I have come
    > across a period where the box was hit with an approx. average of 3 - 4
    > packets per 5 minute period for 8 hours. After looking up information
    > from dshield.org
    > http://isc.incidents.org/port_details.html?port=0
    >
    > I have found that these packets can cause DoS on certain devices and
    > OS'. The effect of the packets had no effect on the box itself but the
    > packets were originating from 2 different hosts so I would assume this
    > will fall in the category of DDoS?
    > I first noticed these packets in the logs on the 21st from 11:20 GMT to
    > 22nd 7:20 GMT and they have just started again (22nd  17:40 GMT) and are
    > continuing.
    >
    > Has anyone else received such packets? Or know if there is a Trojan/worm
    > that these packets are sent from?
    >
    > Thanks for your help
    >
    > Stu
    
    
    
    



    This archive was generated by hypermail 2b30 : Thu Jul 24 2003 - 10:54:23 PDT
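The questions raised in this thread (UDP, TCP or otherwise, how many sources, how many packets per 5-minute period) can be answered directly from the firewall log. The script below is an added example, not part of either message; the key=value log layout, the addresses and the function name `summarize_port0` are constructed for illustration and are not ISA Server's log format.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample lines in a made-up key=value layout (not ISA Server's format).
SAMPLE_LOG = """\
2003-07-21T11:20:05 SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=1045 DPT=0
2003-07-21T11:21:40 SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=1046 DPT=0
2003-07-21T11:23:10 SRC=203.0.113.7 DST=198.51.100.5 PROTO=UDP SPT=0 DPT=0
2003-07-21T11:24:00 SRC=203.0.113.7 DST=198.51.100.5 PROTO=ICMP SPT=0 DPT=0
2003-07-21T11:26:30 SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=1047 DPT=80
2003-07-21T11:27:15 SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP SPT=2000 DPT=0
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\w+) SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)$"
)
PORT_PROTOCOLS = {"TCP", "UDP"}  # only these protocols carry port numbers

def summarize_port0(log_text, bucket_minutes=5):
    """Count port 0 TCP/UDP packets per protocol, per source and per time bucket."""
    by_proto, by_source = Counter(), Counter()
    by_bucket = defaultdict(int)
    skipped = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1  # unparseable line: count it, never guess its fields
            continue
        proto = m["proto"].upper()
        # ICMP and similar carry no port number, so a 0 in that field is not a real port.
        if proto not in PORT_PROTOCOLS or (int(m["spt"]) != 0 and int(m["dpt"]) != 0):
            continue
        ts = datetime.fromisoformat(m["ts"])
        bucket = ts.replace(minute=ts.minute - ts.minute % bucket_minutes, second=0)
        by_proto[proto] += 1
        by_source[m["src"]] += 1
        by_bucket[bucket.isoformat()] += 1
    return {"by_proto": dict(by_proto), "by_source": dict(by_source),
            "by_bucket": dict(by_bucket), "skipped": skipped}

if __name__ == "__main__":
    for key, value in summarize_port0(SAMPLE_LOG).items():
        print(key, value)
```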