Re: Is this normal?

From: Barrie Dempster (barrie_at_reboot-robot.net)
Date: 10/27/04

  • Next message: Eric McCarty: "RE: IIS Logfile"
    To: security-basics@securityfocus.com
    Date: Wed, 27 Oct 2004 13:35:19 +0100
    
    
    

    On Fri, 2004-10-22 at 12:34 -0300, Joe Polk wrote:
    > It's not necessarily unusual. Someone is scanning for open ports and such and
    > is attempting to come in.
    <snip>

    They most certainly are not, in this case.
    You can't scan for open ports if the packets contain a fake return
    address like this. In order for the scanning machine to know that a port
    is open it requires something to be sent back (ie.. SA). as has been
    mentioned before this is most likely a syn flood type attack.

    -- 
    Barrie Dempster (zeedo) - Fortiter et Strenue
      http://www.bsrf.org.uk
    [ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]
    
    



  • Next message: Eric McCarty: "RE: IIS Logfile"

    Relevant Pages

    • RE: The legal / illegal line?
      ... scanning without authorisation is illegal. ... as far as I am aware scanning for open ports is not illegal. ... Need to secure your web apps? ... Cenzic Hailstorm finds vulnerabilities fast. ...
      (Pen-Test)
    • Re: router for firewall on home PC?
      ... >> Yeah, I wonder how widespread it is too, since I've heard absolutely ... But still, I've had no problems with it, it works great, and all pc scanning ... open ports. ...
      (comp.security.firewalls)
    • RE: Random unprivileged TCP ports below 5000 kind-of open for a fraction of a second
      ... > Just to let you know, scanning localhost with nmap produces strange ... Try scanning from another node before you go any ... but when he told me that I indeed had open ports and that I ... Do you Yahoo!? ...
      (Incidents)
    • Re: Is this normal?
      ... Hash: SHA1 ... > You can't scan for open ports if the packets contain a fake return ... In order for the scanning machine to know that a ...
      (Security-Basics)