Security Incidents mailing list archives

Re: TCP connections to port 1024 - DDoS?


From: "Turpin, Jason" <jturpin () CHEMATCH COM>
Date: Mon, 23 Oct 2000 13:23:04 -0500

I am seeing the same thing the last couple of days.  It comes from about 100
IPs and targets my Mail Servers on port 1024.  There are approximately 254
attempts in less than 10 seconds from these 100 IPs.

-----Original Message-----
From: Abe Getchell [mailto:agetchel () KDE STATE KY US]
Sent: Monday, October 23, 2000 9:13 AM
To: INCIDENTS () SECURITYFOCUS COM
Subject: TCP connections to port 1024 - DDoS?


Hey all,
        Has anybody seen some kind of odd DDoS attack in which a number of
zombie machines try and open TCP connections to port 1024 on the target
machine?  Saw some of these coming in over the last week and this weekend,
and I wanted to see if this is anything that I should be concerned about.
There hasn't been enough traffic to kill the server or clog any pipes, but
I'm concerned that there could be eventually... or that there's something
else going on here that I'm not aware of! =O

Thanks,
Abe

Abe L. Getchell - Security Engineer
Division of System Support Services
Kentucky Department of Education
Voice   502-564-2020x225
E-mail  agetchel () kde state ky us
Web     http://www.kde.state.ky.us/

