Security Incidents mailing list archives

Re: Possible DoS Attack?

From: Glenn Forbes Fleming Larratt <glratt () io com>
Date: Mon, 10 Dec 2001 12:53:48 -0600 (CST)

It could be a filesharing program - server on a low ephemeral port,
clients use well-known ports as source ports to steer around blocking.

        -g

On Mon, 10 Dec 2001, Jonathan A. Zdziarski wrote:

I normally disregard scans, however this particular scan doesn't look like a
conventional port scan, and it happened around the same time the machine
went down.  It looks like their source port is changing, but the target port
on our machine is only changed periodically.  Could this have been a DoS
attack?

-- 
Glenn Forbes Fleming Larratt         The Lab Ratt (not briggs :-)
glratt () io com                        http://www.io.com/~glratt
There are imaginary bugs to chase in heaven.


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Possible DoS Attack? Jonathan A. Zdziarski (Dec 10)
- RE: Possible DoS Attack? Blake R. Swopes (Dec 10)
- Re: Possible DoS Attack? Glenn Forbes Fleming Larratt (Dec 10)
- Re: Possible DoS Attack? Jacques Bourdeau (Dec 10)
- <Possible follow-ups>
- RE: Possible DoS Attack? Jacques Bourdeau (Dec 10)