Security Incidents mailing list archives
Re: Possible DoS Attack?
From: Glenn Forbes Fleming Larratt <glratt () io com>
Date: Mon, 10 Dec 2001 12:53:48 -0600 (CST)
It could be a filesharing program - server on a low ephemeral port, clients use well-known ports as source ports to steer around blocking. -g On Mon, 10 Dec 2001, Jonathan A. Zdziarski wrote:
I normally disregard scans, however this particular scan doesn't look like a conventional port scan, and it happened around the same time the machine went down. It looks like their source port is changing, but the target port on our machine is only changed periodically. Could this have been a DoS attack?
-- Glenn Forbes Fleming Larratt The Lab Ratt (not briggs :-) glratt () io com http://www.io.com/~glratt There are imaginary bugs to chase in heaven. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Possible DoS Attack? Jonathan A. Zdziarski (Dec 10)
- RE: Possible DoS Attack? Blake R. Swopes (Dec 10)
- Re: Possible DoS Attack? Glenn Forbes Fleming Larratt (Dec 10)
- Re: Possible DoS Attack? Jacques Bourdeau (Dec 10)
- <Possible follow-ups>
- RE: Possible DoS Attack? Jacques Bourdeau (Dec 10)