Security Basics mailing list archives
Re: Is this normal?
From: Barrie Dempster <barrie () reboot-robot net>
Date: Wed, 27 Oct 2004 13:35:19 +0100
On Fri, 2004-10-22 at 12:34 -0300, Joe Polk wrote:
> It's not necessarily unusual. Someone is scanning for open ports and such and is attempting to come in.

<snip>

They most certainly are not, in this case. You can't scan for open ports if the packets contain a fake return address like this. In order for the scanning machine to know that a port is open it requires something to be sent back (i.e. SA). As has been mentioned before, this is most likely a SYN flood type attack.

--
Barrie Dempster (zeedo) - Fortiter et Strenue
http://www.bsrf.org.uk
[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]
Attachment: signature.asc (Description: This is a digitally signed message part)