Security Incidents mailing list archives
Re: Port 7000 (Apple File Share) DoS/DDoS underway
From: Christine Kronberg <Christine_Kronberg () genua de>
Date: Wed, 22 Sep 2004 09:03:57 +0200 (CEST)
On Mon, 20 Sep 2004, David Gillett wrote:
A handful of machines, nowhere near me (network prefixes 218, 211, and 61) seem to be sending a mix of SYN-ACK and RST packets, all with a source port of 7000, to assorted (random) addresses in my public Class B range.
I have seen the very same for a longer period of time. But the "scanning" was by not alway random. Sometimes a customers entire /16 network was scanned, sometimes only two hosts were the targets.
I expect this means that someone is spoofing random source addresses -- many of them in my range, but who knows how many in others... -- and ports and SYN-flooding those half-dozen machines.
Out of curiosity I scanned the sending host with nmap (from my own computer) just to find (after an endless time) nearly any port open. I remember have read something about but forgot about the details. My explanation was/is, that the host sending these packets (was indeed in most cases the same IP) was owned and "opened" for scanning by whoever wanted to do that. If someone can come up with a better explanation I'd love to hear it. :-) Cheers, Chris Kronberg. -- GeNUA mbH
Current thread:
- Yahoo Account hacking Freilich, Robert (Sep 20)
- Port 7000 (Apple File Share) DoS/DDoS underway David Gillett (Sep 21)
- Re: Port 7000 (Apple File Share) DoS/DDoS underway Christine Kronberg (Sep 22)
- Re: Port 7000 (Apple File Share) DoS/DDoS underway Daniel Hanson (Sep 22)
- Re: Port 7000 (Apple File Share) DoS/DDoS underway Christine Kronberg (Sep 23)
- Re: Port 7000 (Apple File Share) DoS/DDoS underway Christine Kronberg (Sep 22)
- Re: Port 7000 (Apple File Share) DoS/DDoS underway Chris Krough (Sep 22)
- Re: Port 7000 (Apple File Share) DoS/DDoS underway Chris Krough (Sep 22)
- DoS/DDoS on port 1863(MSN protocol) Diego Sebastián González (Sep 26)
- RE: DoS/DDoS on port 1863(MSN protocol) easternerd (Sep 27)
- Re: DoS/DDoS on port 1863(MSN protocol) Kevin Reardon (Sep 27)
- Re: DoS/DDoS on port 1863(MSN protocol) Tillman Hodgson (Sep 29)
- data payload in SYN (Re: DoS/DDoS on port 1863(MSN protocol)) Martin Mačok (Sep 29)
- Port 7000 (Apple File Share) DoS/DDoS underway David Gillett (Sep 21)
- Re: DoS/DDoS on port 1863(MSN protocol) terry white (Sep 27)