Security Incidents mailing list archives
Odd Increase in Malformed Packets Aimed at Port 0
From: crusher () spamcop net
Date: 17 Oct 2005 17:24:31 -0000
I've been getting a steadily increasing number of these types of alerts from my firewall. They began on October 5th, 2005 on my home network, on a Comcast cable connection, when I received just one of these alerts. 6 Days later, on October 11th, I began getting several a day. Now, I get as many as 100 in a single day. Then, October 14th, I began seeing the same thing at my office, on a small /28 IP block. It started with one, then steadily increased over the weekend. I'm now up to about 5 - 6 per day at the office, but expect it will eventually match what I am seeing on my Cable connection at home. Here is an example of the type of "attack" alert I get. Please note that aside from the "attacking" IP, all logs are identical, right down to the Port 0 the "attacking" IP sources from: 10/17/2005 12:29:56.528 - Alert - Network Access - Malformed or unhandled IP packet dropped - 13.106.57.65, 0, X1 - XXX.XXX.XXX, 1025 - IP Protocol 17 This appears to be a "new" attack, exploit attempt, or something going on out on the net, but I've not been able to find anything on it. I've checked with collegues in the field, and they too, have been noticing this same type of activity going on, and are equally stumped.
Current thread:
- Odd Increase in Malformed Packets Aimed at Port 0 crusher (Oct 19)
- Re: Odd Increase in Malformed Packets Aimed at Port 0 Jose Nazario (Oct 19)
- Re: Odd Increase in Malformed Packets Aimed at Port 0 Steve Porter (Oct 19)
- RE: Odd Increase in Malformed Packets Aimed at Port 0 Geo. (Oct 19)
- <Possible follow-ups>
- Re: RE: Odd Increase in Malformed Packets Aimed at Port 0 crusher (Oct 19)
- Re: Odd Increase in Malformed Packets Aimed at Port 0 Jose Nazario (Oct 19)