Re: Source port 0 and from a 0 network to boot?
junkma1l_at_cox.net
Date: 06/11/05
- Previous message: Valdis.Kletnieks_at_vt.edu: "Re: Source port 0 and from a 0 network to boot?"
- Maybe in reply to: kurt: "Source port 0 and from a 0 network to boot?"
- Next in thread: kurt: "Re: Source port 0 and from a 0 network to boot?"
- Reply: kurt: "Re: Source port 0 and from a 0 network to boot?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 11 Jun 2005 19:08:31 -0000 To: incidents@securityfocus.com('binary' encoding is not supported, stored as-is) The destination website advises they're experiencing 'server problems'. I would have to guess it's a trojan or botnet DDoS/SYN flood attack.
As far as the port 0 traffic, a quote from an old Neohapisis archive "Using TCP port 0 is a common tactic to avoid some badly written packet
filters.... Some net admins fail to realize that there is a port 0,
thinking that the lowest port number is 1, and thus don't account for it
when writing firewall rules.
An attacker gains the advantage of possibly bypassing firewall rules, or
badly written intrusion sensors.
It should also be noted that very, very, old versions of DNS were done on
port 0, but that wasn't done using TCP."
Probably just disguising the attacking host (though not very well) to slow down the filtering/blocking of attackers.
- Previous message: Valdis.Kletnieks_at_vt.edu: "Re: Source port 0 and from a 0 network to boot?"
- Maybe in reply to: kurt: "Source port 0 and from a 0 network to boot?"
- Next in thread: kurt: "Re: Source port 0 and from a 0 network to boot?"
- Reply: kurt: "Re: Source port 0 and from a 0 network to boot?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
