Re: [fw-wiz] port 27015

From: Don Parker (dparker_at_rigelksecurity.com)
Date: 01/04/04

  • Next message: Paul Robertson: "RE: [fw-wiz] Comparisons between Router ACLs and Firewalls"
    To: hermit921 <hermit921@yahoo.com>, firewall-wizards@honor.icsalabs.com
    Date: Sat, 3 Jan 2004 18:02:23 -0500 (EST)
    
    

    It is possible as mentioend that people are scanning for servers to be used as part of a
    DDoS.

    -------------------------------------------
    Don Parker, GCIA
    Intrusion Detection Specialist
    Rigel Kent Security & Advisory Services Inc
    www.rigelksecurity.com
    ph :613.249.8340
    fax:613.249.8319
    --------------------------------------------

    On Jan 02, hermit921 <hermit921@yahoo.com> wrote:

    I am aware of the Half-Life game association. What I saw was 10 different
    IP sources scanning my entire class B on port 27015, all starting within
    one hour of each other. That didn't sound like a normal game
    behavior. But after that day, the scans didn't return.

    hermit921

    At 02:15 PM 1/1/2004, Don Parker wrote:
    >Hi there, port 27015 is often associated with Half Life online gaming
    >servers. Are you running one of these? There are some security
    >considerations to mull over if you are as these can be used in DDoS
    >attacks and the such. Just google for "port 27015 tcp" and you will get
    >quite a few hits on it.
    >
    >Cheers,
    >
    >Don
    >
    >-------------------------------------------
    >Don Parker, GCIA
    >Intrusion Detection Specialist
    >Rigel Kent Security & Advisory Services Inc
    >www.rigelksecurity.com
    >ph :613.249.8340
    >fax:613.249.8319
    >--------------------------------------------
    >
    >On Dec 22, hermit921 <hermit921@yahoo.com> wrote:
    >
    >Starting at 10:49 UTC December 22 I started seeing a 20-30 incoming packets
    >per second on TCP port 27015. Every few minutes another source
    >appeared. Any idea what is going on?
    >
    >Thanks,
    >hermit921
    >
    >_______________________________________________
    >firewall-wizards mailing list
    >firewall-wizards@honor.icsalabs.com
    ><a href='<a href='http://honor.icsalabs.com/mailman/listinfo/firewall-
    '>http://honor.icsalabs.com/mailman/listinfo/firewall->
    >wizards'><a href='
    http://honor.icsalabs.com/mailman/listinfo/firewall-
    wizards</a>'>http://honor.icsalabs.com/mailman/listinfo/firewall-wizards></a>

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    <a href='
    http://honor.icsalabs.com/mailman/listinfo/firewall-
    wizards'>http://honor.icsalabs.com/mailman/listinfo/firewall-wizards>

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Paul Robertson: "RE: [fw-wiz] Comparisons between Router ACLs and Firewalls"