Re: Is this normal?
From: Barrie Dempster (barrie_at_reboot-robot.net)
Date: 10/27/04
- Previous message: Andrew Shore: "RE: IIS Logfile"
- In reply to: Joe Polk: "Re: Is this normal?"
- Next in thread: Kluge: "Re: Is this normal?"
- Reply: Kluge: "Re: Is this normal?"
- Reply: Kenneth R Swain II: "Re: Is this normal?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: security-basics@securityfocus.com Date: Wed, 27 Oct 2004 13:35:19 +0100
On Fri, 2004-10-22 at 12:34 -0300, Joe Polk wrote:
> It's not necessarily unusual. Someone is scanning for open ports and such and
> is attempting to come in.
<snip>
They most certainly are not, in this case.
You can't scan for open ports if the packets contain a fake return
address like this. In order for the scanning machine to know that a port
is open it requires something to be sent back (ie.. SA). as has been
mentioned before this is most likely a syn flood type attack.
-- Barrie Dempster (zeedo) - Fortiter et Strenue http://www.bsrf.org.uk [ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]
- application/pgp-signature attachment: This is a digitally signed message part
- Previous message: Andrew Shore: "RE: IIS Logfile"
- In reply to: Joe Polk: "Re: Is this normal?"
- Next in thread: Kluge: "Re: Is this normal?"
- Reply: Kluge: "Re: Is this normal?"
- Reply: Kenneth R Swain II: "Re: Is this normal?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
