Re: unknown broadcasts
From: Claudius Li (aprentic_at_sectae.net)Date: 07/18/01
- Vorherige Nachricht: Tommie Porter: "RE: NT "net use" Malfunctions"
- Als Antwort auf: Security: "unknown broadcasts"
- Next in thread: Roy Kidder: "Re: unknown broadcasts"
- Nachrichten sortiert nach: [ Datum ] [ Thread ] [ Subject ] [ Autor ] [ Attachement ]
Sounds like your machine is being used for a flood attack.
Basically someone is sending pings to your machine with spoofed source
addresses.
Presumeably there are lots of other machines out there that are getting pings
with the same spoofed source addresses.
The poor bastards at those addresses are wondering why half the internet is
DDOSing them.
-Claudius
On Wed, Jul 18, 2001 at 09:26:49AM -0400 or thereabouts, Security wrote:
> I got a message from a company that one of our machines is sending packets
> to their network. It seems that our SQL server is sending packets to
> destination port 41530 with a source port of 1028. The more I track it the
> more I realize it's sending
> to hundreds of different networks and all of them are broadcast addresses.
>
> service 41530
> source port 1028
>
> I have hundreds of these in my log (just for one day)
>
> Jas
>
- Vorherige Nachricht: Tommie Porter: "RE: NT "net use" Malfunctions"
- Als Antwort auf: Security: "unknown broadcasts"
- Next in thread: Roy Kidder: "Re: unknown broadcasts"
- Nachrichten sortiert nach: [ Datum ] [ Thread ] [ Subject ] [ Autor ] [ Attachement ]
