Re: SYN Flood attack with sequential destination ports?

From: Joerg Over (over@dexia.de)
Date: 11/08/01


Message-Id: <3.0.6.32.20011108200850.00904420@10.0.0.4>
Date: Thu, 08 Nov 2001 20:08:50 +0100
To: incidents@securityfocus.com
From: Joerg Over <over@dexia.de>
Subject: Re: SYN Flood attack with sequential destination ports?

Hi!

At 12:55 08.11.01 -0500 you wrote:

->The interesting characteristic is the destination port is sequential - each
->phase of attack starting at 3039 and ending around 34431.
--8<------------------------------------------------------------------------

Ever thought it could be a syn scan instead of a syn flood?
:)

Greetings, jo
+-------------------------------------------------------------------+
| __ __ __ __ _ _ It ain't over 'till it's Joerg Over... |
| / _ \ V / -_) '_/ |
| \___/\_/\___|_| |
+-------------------------------------------------------------------+

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
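
The distinction raised in this reply, as an added example that is not part of the original message: a Python heuristic that tells a port-walking SYN scan from a SYN flood by the spread of destination ports per target. The record format, thresholds, labels and sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

def classify_syns(records, min_packets=20, spread=0.8, seq=0.8):
    """Label each destination host by the shape of its inbound SYN traffic.

    records: iterable of (src_ip, dst_ip, dst_port) in arrival order, one
    entry per SYN with no completed handshake (assumed input format).
    """
    by_target = defaultdict(list)
    for _src, dst, dport in records:
        # Group by target, not source: flood sources are often spoofed.
        by_target[dst].append(dport)

    verdicts = {}
    for dst, ports in by_target.items():
        if len(ports) < min_packets:
            verdicts[dst] = "inconclusive"   # too little data to judge
            continue
        # Share of packets that hit a port not seen before (1.0 = all unique).
        distinct = len(set(ports)) / len(ports)
        # Share of adjacent packets whose port is exactly previous + 1.
        steps = sum(1 for a, b in zip(ports, ports[1:]) if b - a == 1)
        sequential = steps / max(len(ports) - 1, 1)
        if distinct >= spread and sequential >= seq:
            # About one SYN per port, walking upward: port enumeration.
            verdicts[dst] = "sequential scan"
        elif distinct <= 1 - spread:
            # Many SYNs piled onto very few ports: backlog exhaustion.
            verdicts[dst] = "flood"
        else:
            # For example a randomized-order scan or mixed traffic.
            verdicts[dst] = "inconclusive"
    return verdicts

def sample_records():
    """Constructed sample data (documentation address ranges)."""
    recs = [("192.0.2.10", "198.51.100.5", p) for p in range(3039, 3139)]
    recs += [(f"203.0.113.{i % 250 + 1}", "198.51.100.9", 80) for i in range(200)]
    recs += [("192.0.2.77", "198.51.100.20", p) for p in (22, 80, 443)]
    return recs

if __name__ == "__main__":
    for host, label in sorted(classify_syns(sample_records()).items()):
        print(host, label)
```
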


