RE: odd scans?

From: Bamm (Robert) Visscher (rvisscher@saball.com)
Date: 05/28/02


From: "Bamm (Robert) Visscher" <rvisscher@saball.com>
To: "Scott, Michael R." <MICHAEL.R.SCOTT@saic.com>
Date: 28 May 2002 10:21:30 -0500


Mike,

I have seen syn floods of both types (targeting a single port and
targeting all/many ports). I am not sure why an attacker would target
all ports. There may be a way to consume resources of certain OSes in
this manner, it may just be a blatant bandwidth attack, or it could even
be poor execution of a DoS attack (ie broken code).

Bammkkkk

On Fri, 2002-05-24 at 15:51, Scott, Michael R. wrote:
> that crossed my mind, but the random source port threw me off. I would
> expect most DOS attacks to target a daemon port, unless just a general
> bandwidth DOS was the goal. Thoughts?
> thanks for the reply, by the way
>
> Mike
>

-- 
Bamm (Robert) Visscher
Senior Engineer, Managed Network Security Operations
Ball Aerospace & Technologies Corp.
http://www.ball.com/aerospace/index.html
rvisscher@saball.com Desk: 210.734.5070 x107  Mobile: 210.240.5950 




Relevant Pages

  • Re: [Full-disclosure] targetted SSH bruteforce attacks
    ... I don't want to move it to another port, and no I don't want to ... Is anyone else seeing this type of attack? ... targeting MY box? ... Full-Disclosure - We believe in it. ...
    (Full-Disclosure)
  • Re: Attack Detected
    ... "attack" warnings from their personal firewall believes that all the ... attacks are targeting them specifically. ... I take port scans very seriously, as do most security professionals - ... they are just background chatter for a properly configured ...
    (comp.security.firewalls)
  • RE: Strange loopback in firefox.
    ... described as heavy attack from outside IP addresses. ... either using the Microsoft_DS port or epmap port to connect). ... For example a connection from port 3014 to 3015 and the next ... to facilitate one-on-one interaction with one of our expert instructors. ...
    (Security-Basics)
  • Re: Security problem
    ... simply to use a non-standard port. ... names and passwords, on large ranges of IP addresses. ... order to perform successful brute-force attack and that's ludicrous. ... DROP incoming packets for other ports (and what internet-facing server ...
    (comp.os.linux.development.apps)
  • FW: Legal? Road Runner proactive scanning.[Scanned]
    ... You consider a port scan to be an attack? ... to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of in-the-field ...
    (Security-Basics)