Security Incidents mailing list archives
lots of port 0 scannings
From: "SB CH" <chulmin2 () hotmail com>
Date: Mon, 28 Apr 2003 00:51:58 +0000
Hello, all.

I found lots of port 0 traffic from various countries these days, like this.

[**] [1:524:5] BAD TRAFFIC tcp port 0 traffic [**]
[Classification: Misc activity] [Priority: 3]
04/27-05:55:01.306781 65.57.56.46:0 -> 211.1.x.x:6588
TCP TTL:112 TOS:0x0 ID:464 IpLen:20 DgmLen:40 DF
******S* Seq: 0x95AF4 Ack: 0x0 Win: 0x200 TcpLen: 20

Is there any special way or tool to use port 0 in order to scan? And what is the meaning of this scan?

[**] [116:55:1] (snort_decoder): Truncated Tcp Options [**]
04/26-23:51:08.004547 211.230.86.34:0 -> 211.1.x.x:0
TCP TTL:120 TOS:0x0 ID:38672 IpLen:20 DgmLen:48 DF
******S* Seq: 0xD563D9DB Ack: 0x0 Win: 0x4000 TcpLen: 28

The source port and dest port are both 0.

Thanks in advance.