Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Port 7000 (Apple File Share) DoS/DDoS underway

From: Chris Krough <ckrough () vet upenn edu>
Date: Wed, 22 Sep 2004 12:53:52 -0400
I realized just after hitting send that I completely misread the original email. I apologize for being a .... and for the extra message. 

Disregard me completely.


Chris Krough wrote:

Are these attacks successfully DoS-ing OSX clients?


David Gillett wrote:


  A handful of machines, nowhere near me (network prefixes
218, 211, and 61) seem to be sending a mix of SYN-ACK and
RST packets, all with a source port of 7000, to assorted
(random) addresses in my public Class B range.

  I expect this means that someone is spoofing random source
addresses -- many of them in my range, but who knows how many
in others... -- and ports and SYN-flooding those half-dozen
machines.

  So far, reverse DNS and traceroute haven't helped me identify
the victims.

Dave Gillett





--

Chris Krough
IT Specialist
Help Desk: nbc-help () lists vet upenn edu
Personal: ckrough () vet upenn edu
610.925.6222

University of Pennsylvania New Bolton Center
382 W. Street Rd
Kennett Square, PA 19348
Previous By Date Next
Previous By Thread Next

Current thread: