Security Incidents mailing list archives
Re: TCP connections to port 1024 - DDoS?
From: Arrigo Triulzi <arrigo () ALBOURNE COM>
Date: Tue, 24 Oct 2000 22:23:04 +0100
Turpin, Jason scripsit: |I am seeing the same thing the last couple of days. It comes from about 100 |ip's and targets my Mail Servers on port 1024. There are approximately 254 |attempts in less than 10 seconds from these 100 ip's You might want to consider the fact that some boxes, Linux for example, often use 1024 as the first port for outgoing connections. This might be an attempt to "get back" at you in some way on a waiting connection, man-in-the-middle? Just a quick thought. Arrigo
Current thread:
- TCP connections to port 1024 - DDoS? Abe Getchell (Oct 24)
- Re: TCP connections to port 1024 - DDoS? Mike Lewinski (Oct 25)
- Re: TCP connections to port 1024 - DDoS? Corey Merchant (Oct 26)
- Re: TCP connections to port 1024 - DDoS? Dave Dittrich (Oct 26)
- Re: TCP connections to port 1024 - DDoS? Mike Lewinski (Oct 26)
- <Possible follow-ups>
- Re: TCP connections to port 1024 - DDoS? Abe Getchell (Oct 25)
- Re: TCP connections to port 1024 - DDoS? Turpin, Jason (Oct 25)
- Re: TCP connections to port 1024 - DDoS? Arrigo Triulzi (Oct 26)
- Re: TCP connections to port 1024 - DDoS? Peter Gamache (Oct 27)
- Re: TCP connections to port 1024 - DDoS? Arrigo Triulzi (Oct 26)
- Re: TCP connections to port 1024 - DDoS? Bowman, Kevin (Oct 26)
- Re: TCP connections to port 1024 - DDoS? Turpin, Jason (Oct 26)
- Re: TCP connections to port 1024 - DDoS? Dave Dittrich (Oct 27)
- Re: TCP connections to port 1024 - DDoS? Dave Dittrich (Oct 28)
- Re: TCP connections to port 1024 - DDoS? Mike Lewinski (Oct 25)