RE: odd scans?

From: Bamm (Robert) Visscher (rvisscher@saball.com)
Date: 05/28/02


From: "Bamm (Robert) Visscher" <rvisscher@saball.com>
To: "Scott, Michael R." <MICHAEL.R.SCOTT@saic.com>
Date: 28 May 2002 10:21:30 -0500


Mike,

I have seen syn floods of both types (targeting a single port and
targeting all/many ports). I am not sure why an attacker would target
all ports. There may be a way to consume resources of certain OSes in
this manner, it may just be a blatant bandwidth attack, or it could even
be poor execution of a DoS attack (ie broken code).

Bammkkkk

On Fri, 2002-05-24 at 15:51, Scott, Michael R. wrote:
> that crossed my mind, but the random source port threw me off. I would
> expect most DOS attacks to target a daemon port, unless just a general
> bandwidth DOS was the goal. Thoughts?
> thanks for the reply, by the way
>
> Mike
>

-- 
Bamm (Robert) Visscher
Senior Engineer, Managed Network Security Operations
Ball Aerospace & Technologies Corp.
http://www.ball.com/aerospace/index.html
rvisscher@saball.com Desk: 210.734.5070 x107  Mobile: 210.240.5950 




Relevant Pages

  • Re: [Full-disclosure] targetted SSH bruteforce attacks
    ... I don't want to move it to another port, and no I don't want to ... Is anyone else seeing this type of attack? ... targeting MY box? ... Full-Disclosure - We believe in it. ...
    (Full-Disclosure)
  • Re: Attack Detected
    ... "attack" warnings from their personal firewall believes that all the ... attacks are targeting them specifically. ... I take port scans very seriously, as do most security professionals - ... they are just background chatter for a properly configured ...
    (comp.security.firewalls)
  • RE: Strange loopback in firefox.
    ... described as heavy attack from outside IP addresses. ... either using the Microsoft_DS port or epmap port to connect). ... For example a connection from port 3014 to 3015 and the next ... to facilitate one-on-one interaction with one of our expert instructors. ...
    (Security-Basics)
  • Re: Security problem
    ... simply to use a non-standard port. ... names and passwords, on large ranges of IP addresses. ... order to perform successful brute-force attack and that's ludicrous. ... DROP incoming packets for other ports (and what internet-facing server ...
    (comp.os.linux.development.apps)
  • Re: SSH server under attack...
    ... It's highly possible that even though you changed the port, an automated script discovered the new port by probing the ports and matching version numbers, ie: ... the new machine to attack me is 200.55.192.29. ... Failed password for invalid user admin from::ffff:200.55.192.29 port ...
    (Security-Basics)