RE: UDP Port Sweep question

From: Benjamin Franz (snowhare_at_nihongo.org)
Date: 12/29/04

  • Next message: Jack McCarthy: "RE: UDP Port Sweep question"
    Date: Wed, 29 Dec 2004 12:11:21 -0800 (PST)
    To: Billy Dodson <billy@pmm-i.com>
    
    

    On Wed, 29 Dec 2004, Billy Dodson wrote:

    > Here is some more info regarding the port sweeps. The port the client
    > is being hit on seems to vary. The client is being hit on the same 8
    > port range from each IP port 33434-33460. All 3 sensors from the 3
    > different clients show the same destination port range. The sensors are
    > cisco IDS sensors and I am unsure as to how to get the actual packet
    > from the event.

    That port range smells like traceroutes. I've seen a lot of that kind of
    traffic to nameservers, mail servers and HTTP proxies. It often originates
    from load balancing DNS systems and other such things.

    -- 
    Benjamin Franz
    "All right, where is the answer? The battle of wits has begun.
    It ends when you click and we both serve pages - and find out who is right,
    and who is slashdotted." - David Brandt
    

  • Next message: Jack McCarthy: "RE: UDP Port Sweep question"

    Relevant Pages

    • Re: UDP Port Sweep question
      ... > Here is some more info regarding the port sweeps. ... The client is being hit on the same 8 ... > cisco IDS sensors and I am unsure as to how to get the actual packet ...
      (Incidents)
    • Re: Restricting FTP data connection port range?
      ... Not sure how you are going to restrict the port range of the client ... since the connection is going to be made to any open port on the client. ... Restricting FTP data connection port range? ...
      (AIX-L)
    • Re: Remote Desktop hangs until hitting a key on host machine
      ... The first time I connect to my XP Pro machine using the Remote Desktop ... Client the screen on the (server side) machine goes blank/black just as I hit ... OK in the "Log On to Windows" dialog on the client side. ...
      (microsoft.public.windowsxp.work_remotely)
    • Re: Solution! mIRC: DCC Send Firewall Problems (Or running a server)
      ... sending files in IRC from behind a firewall is problematic for one very ... When you attempt to DCC send... ... request is sent to the other client via the IRC server. ... The correct answer is to tell your IRC client what port range to use ...
      (comp.security.firewalls)
    • Re: How to Force client to hit same host
      ... you really aren't NLB balancing anything...just ... This configuration currently forces a client to hit a particular host ... Is there any way to force a given client to always hit a particular host ...
      (microsoft.public.windows.server.clustering)