Security Incidents mailing list archives

Port 7000 (Apple File Share) DoS/DDoS underway

From: "David Gillett" <gillettdavid () fhda edu>
Date: Mon, 20 Sep 2004 23:20:03 -0700

  A handful of machines, nowhere near me (network prefixes
218, 211, and 61) seem to be sending a mix of SYN-ACK and
RST packets, all with a source port of 7000, to assorted
(random) addresses in my public Class B range.

  I expect this means that someone is spoofing random source
addresses -- many of them in my range, but who knows how many
in others... -- and ports and SYN-flooding those half-dozen
machines.

  So far, reverse DNS and traceroute haven't helped me identify
the victims.

Dave Gillett

Current thread:

Yahoo Account hacking Freilich, Robert (Sep 20)
- Port 7000 (Apple File Share) DoS/DDoS underway David Gillett (Sep 21)
  - Re: Port 7000 (Apple File Share) DoS/DDoS underway Christine Kronberg (Sep 22)
    - Re: Port 7000 (Apple File Share) DoS/DDoS underway Daniel Hanson (Sep 22)
    - Re: Port 7000 (Apple File Share) DoS/DDoS underway Christine Kronberg (Sep 23)
  - Re: Port 7000 (Apple File Share) DoS/DDoS underway Chris Krough (Sep 22)
    - Re: Port 7000 (Apple File Share) DoS/DDoS underway Chris Krough (Sep 22)
    - DoS/DDoS on port 1863(MSN protocol) Diego Sebastián González (Sep 26)
    - RE: DoS/DDoS on port 1863(MSN protocol) easternerd (Sep 27)
    - Re: DoS/DDoS on port 1863(MSN protocol) Kevin Reardon (Sep 27)
    - Re: DoS/DDoS on port 1863(MSN protocol) Tillman Hodgson (Sep 29)
    - data payload in SYN (Re: DoS/DDoS on port 1863(MSN protocol)) Martin Mačok (Sep 29)

(Thread continues...)