Security Basics mailing list archives

Re: Re: Re: Tons of Source port 80 to random Dest Port Traffic

From: terence.cornelius () paladion net
Date: 29 May 2006 15:36:46 -0000

There could be a possibilty that those "n" machines are initiating the connections by hitting your source machine on 
port 80 with "SYN" packets. So in response, the source machine is replying to all these destination machines with a 
"SYN ACK" from port 80. Now since a Single Source is generating a huge traffic, you are observing it, how about you 
check it in the other way round???

Current thread:

Tons of Source port 80 to random Dest Port Traffic Tom Hayden (May 20)
- Re: Tons of Source port 80 to random Dest Port Traffic Mathew Benwell (May 23)
- Message not available
  - Re: Tons of Source port 80 to random Dest Port Traffic Tom Hayden (May 23)
- RE: Tons of Source port 80 to random Dest Port Traffic David Gillett (May 23)
- Re: Tons of Source port 80 to random Dest Port Traffic ilaiy (May 23)
- Re: Tons of Source port 80 to random Dest Port Traffic Deapesh Misra (May 29)
- <Possible follow-ups>
- Re: Tons of Source port 80 to random Dest Port Traffic tico . wu (May 23)
- Re: Re: Tons of Source port 80 to random Dest Port Traffic rcarlin (May 23)
- Re: Re: Re: Tons of Source port 80 to random Dest Port Traffic terence . cornelius (May 30)