RE: odd scans?
From: Bamm (Robert) Visscher (rvisscher@saball.com)Date: 05/28/02
- Previous message: Pascal C. Kocher: "AW: strange .ch scan by 195.141.86.145"
- Maybe in reply to: Scott, Michael R.: "odd scans?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Bamm (Robert) Visscher" <rvisscher@saball.com> To: "Scott, Michael R." <MICHAEL.R.SCOTT@saic.com> Date: 28 May 2002 10:21:30 -0500
Mike,
I have seen syn floods of both types (targeting a single port and
targeting all/many ports). I am not sure why an attacker would target
all ports. There may be a way to consume resources of certain OSes in
this manner, it may just be a blatant bandwidth attack, or it could even
be poor execution of a DoS attack (ie broken code).
Bammkkkk
On Fri, 2002-05-24 at 15:51, Scott, Michael R. wrote:
> that crossed my mind, but the random source port threw me off. I would
> expect most DOS attacks to target a daemon port, unless just a general
> bandwidth DOS was the goal. Thoughts?
> thanks for the reply, by the way
>
> Mike
>
-- Bamm (Robert) Visscher Senior Engineer, Managed Network Security Operations Ball Aerospace & Technologies Corp. http://www.ball.com/aerospace/index.html rvisscher@saball.com Desk: 210.734.5070 x107 Mobile: 210.240.5950
- application/pgp-signature attachment: This is a digitally signed message part
- Previous message: Pascal C. Kocher: "AW: strange .ch scan by 195.141.86.145"
- Maybe in reply to: Scott, Michael R.: "odd scans?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
