Re: Odd Increase in Malformed Packets Aimed at Port 0
From: Steve Porter (crusher_at_naisp.net)
Date: 10/19/05
- Previous message: Jose Nazario: "Re: Odd Increase in Malformed Packets Aimed at Port 0"
- In reply to: Jose Nazario: "Re: Odd Increase in Malformed Packets Aimed at Port 0"
- Next in thread: Geo.: "RE: Odd Increase in Malformed Packets Aimed at Port 0"
To: <incidents@securityfocus.com>
Date: Wed, 19 Oct 2005 12:16:27 -0400
These are happening on Windows networks, with SonicWall firewalls, but I'll
see what I can cobble together to get more detailed packet info. I'm pretty
sure this is indicative of some new virus/exploit or something along those
lines, simply due to the sheer volume of these alerts I've been getting.
They started at home, on a cablemodem system, and then slowly they began
popping up at work as well, two completely unrelated networks.
When I'm able to get something along the lines of a tcpdump (or equiv), I'll
post here.
Thanks,
- Steve -
----- Original Message -----
From: "Jose Nazario" <jose@monkey.org>
To: <crusher@spamcop.net>
Cc: <incidents@securityfocus.com>
Sent: Wednesday, October 19, 2005 12:03 PM
Subject: Re: Odd Increase in Malformed Packets Aimed at Port 0
> could be fragmented traffic. can you secure a tcpdump log of the traffic?
> that will reveal more attributes of the traffic than the firewall logs
> you shared.
>
> another poster here was discussing a recent spike in fragmented UDP
> traffic, too.
>
> ________
> jose nazario, ph.d. jose@monkey.org
> http://monkey.org/~jose/ http://infosecdaily.net/
> http://www.wormblog.com/
>
>