Re: Source port 0 and from a 0 network to boot?

junkma1l_at_cox.net
Date: 06/11/05

  • Next message: kurt: "Re: Source port 0 and from a 0 network to boot?"
    Date: 11 Jun 2005 19:08:31 -0000
    To: incidents@securityfocus.com
    
    
    ('binary' encoding is not supported, stored as-is) The destination website advises they're experiencing 'server problems'. I would have to guess it's a trojan or botnet DDoS/SYN flood attack.

    As far as the port 0 traffic, a quote from an old Neohapisis archive "Using TCP port 0 is a common tactic to avoid some badly written packet
    filters.... Some net admins fail to realize that there is a port 0,
    thinking that the lowest port number is 1, and thus don't account for it
    when writing firewall rules.

    An attacker gains the advantage of possibly bypassing firewall rules, or
    badly written intrusion sensors.

    It should also be noted that very, very, old versions of DNS were done on
    port 0, but that wasn't done using TCP."

    Probably just disguising the attacking host (though not very well) to slow down the filtering/blocking of attackers.


  • Next message: kurt: "Re: Source port 0 and from a 0 network to boot?"