nanog mailing list archives
Re: Increase of DOS attacks using TCP src and/or dst of 0
From: George Herbert <george.herbert () gmail com>
Date: Wed, 7 Mar 2012 14:48:10 -0800
Out of curiosity - Is it possible it's a command and control network, rather than directly an attack?

On Wed, Mar 7, 2012 at 2:41 PM, Chris Stone <axisml () gmail com> wrote:
> On Wed, Mar 7, 2012 at 1:45 PM, Matthew Huff <mhuff () ox com> wrote:
>> Anyone else see a massive increase of scanning/dos with TCP source and/or dst port of 0? We started seeing a massive increase today creating some issue with our firewalls.
>
> Not seeing a ton of them, but do see a few logged on most all of our servers like:
>
> Mar 5 07:49:13 server kernel: Shorewall:logflags:DROP:IN=eth2 OUT= MAC=00:07:e9:0f:39:f1:00:03:31:a5:74:00:08:00 SRC=178.18.16.101 DST=x.x.x.x LEN=56 TOS=0x00 PREC=0x00 TTL=204 ID=49665 DF PROTO=TCP SPT=0 DPT=0 WINDOW=37009 RES=0x14 URG ACK RST SYN FIN URGP=37422
>
> --
> Chris Stone
> AxisInternet, Inc.
> www.axint.net

--
-george william herbert
george.herbert () gmail com
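An added example, not part of the thread: a small Python filter that reads netfilter LOG lines in the format of the Shorewall entry quoted above and flags TCP packets with a source or destination port of 0 or with contradictory flag combinations (SYN together with FIN or RST). The sample lines are constructed and use documentation addresses; the anomaly labels are names chosen for this example.

```python
import re
from collections import Counter

# Constructed sample lines in netfilter LOG format (documentation addresses).
SAMPLE_LOG = """\
Mar  5 07:49:13 server kernel: Shorewall:logflags:DROP:IN=eth2 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=56 TOS=0x00 PREC=0x00 TTL=204 ID=49665 DF PROTO=TCP SPT=0 DPT=0 WINDOW=37009 RES=0x14 URG ACK RST SYN FIN URGP=37422
Mar  5 07:49:14 server kernel: Shorewall:net2fw:DROP:IN=eth2 OUT= SRC=192.0.2.11 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1234 DF PROTO=TCP SPT=51514 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  5 07:49:15 server kernel: Shorewall:net2fw:DROP:IN=eth2 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=7 PROTO=TCP SPT=40000 DPT=0 WINDOW=1024 RES=0x00 SYN URGP=0
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}

def parse(line):
    """Return (fields, flags) for a TCP netfilter LOG line, else None."""
    fields = dict(FIELD.findall(line))
    if fields.get("PROTO") != "TCP":
        return None
    # TCP flags are logged as bare tokens between RES= and URGP=.
    tail = line.split("RES=", 1)[-1].split()
    return fields, {tok for tok in tail if tok in TCP_FLAGS}

def anomalies(line):
    """List the anomaly labels that apply to one log line."""
    parsed = parse(line)
    if parsed is None:
        return []
    fields, flags = parsed
    found = []
    if fields.get("SPT") == "0":
        found.append("src-port-0")
    if fields.get("DPT") == "0":
        found.append("dst-port-0")
    if {"SYN", "FIN"} <= flags:
        found.append("syn+fin")
    if {"SYN", "RST"} <= flags:
        found.append("syn+rst")
    return found

def summarize(log_text):
    """Count anomalous packets per source address."""
    per_source = Counter()
    for line in log_text.splitlines():
        if anomalies(line):
            per_source[parse(line)[0].get("SRC")] += 1
    return per_source

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG).most_common())
```

Since the source addresses on such packets may be spoofed, the per-source counts are a triage aid rather than attribution.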