Security Incidents mailing list archives
Re: TCP connections to port 1024 - DDoS?
From: "Turpin, Jason" <jturpin () CHEMATCH COM>
Date: Tue, 24 Oct 2000 11:28:27 -0500
-----Original Message-----
From: Abe Getchell [mailto:agetchel () KDE STATE KY US]
Sent: Monday, October 23, 2000 1:58 PM
To: INCIDENTS () SECURITYFOCUS COM
Subject: Re: TCP connections to port 1024 - DDoS?

Hi Jason,

Care to share the source IP addresses? Hopefully there is a common batch of addresses we are seeing this from. We got hammered this weekend; there were over 100,000 connections attempted. The IP addresses didn't reverse resolve to any domain names and an IP whois search didn't tell me who they belonged to. Knowing that there are more folks who are seeing this doesn't make me feel very good...

Thanks,
Abe

Abe L. Getchell - Security Engineer
Division of System Support Services
Kentucky Department of Education
Voice 502-564-2020x225
E-mail agetchel () kde state ky us
Web http://www.kde.state.ky.us/

-----Original Message-----
From: Turpin, Jason [mailto:jturpin () chematch com]
Sent: Monday, October 23, 2000 2:23 PM
To: 'agetchel () KDE STATE KY US'; INCIDENTS () SECURITYFOCUS COM
Subject: RE: TCP connections to port 1024 - DDoS?

I am seeing the same thing the last couple of days. It comes from about 100 IPs and targets my Mail Servers on port 1024. There are approximately 254 attempts in less than 10 seconds from these 100 IPs.

-----Original Message-----
From: Abe Getchell [mailto:agetchel () KDE STATE KY US]
Sent: Monday, October 23, 2000 9:13 AM
To: INCIDENTS () SECURITYFOCUS COM
Subject: TCP connections to port 1024 - DDoS?

Hey all,

Has anybody seen some kind of odd DDoS attack in which a number of zombie machines try and open TCP connections to port 1024 on the target machine? Saw some of these coming in over the last week and this weekend, and I wanted to see if this is anything that I should be concerned about. There hasn't been enough traffic to kill the server or clog any pipes, but I'm concerned that there could be eventually... or that there's something else going on here that I'm not aware of! =O

Thanks,
Abe

Abe L. Getchell - Security Engineer
Division of System Support Services
Kentucky Department of Education
Voice 502-564-2020x225
E-mail agetchel () kde state ky us
Web http://www.kde.state.ky.us/

Attachment: firewall 10232000.txt