RE: Tons of Source port 80 to random Dest Port Traffic
- From: "David Gillett" <gillettdavid@xxxxxxxx>
- Date: Mon, 22 May 2006 10:15:30 -0700
I see that all the time, mostly SYN-ACK packets (i.e., looks
like a response from a server to a machine on my network, except
where's the SYN from my net?).
Possibility 1:
Remote servers are under SYN-flood attack using spoofed source
addresses. Since your address was spoofed, you get the attacked
server's reesponse attempt(s).
Possibility 2:
I have occasionally seen IE appear to get fooled by this, and
enter into a TCP session that it didn't really initiate. This
might be an attack verctor against other IE bugs.
David Gillett
-----Original Message-----
From: thayden@xxxxxxxxx [mailto:thayden@xxxxxxxxx] On Behalf
Of Tom Hayden
Sent: Thursday, May 18, 2006 8:03 AM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Tons of Source port 80 to random Dest Port Traffic
Attached is a quick short summary of traffic my server (
xx.xx.xx.xx ) has been bombarded with lately. It's a short
dump from tethereal. I can't seem to figure it out - just
tons and tons of traffic coming from a source port of 80 to
seemingly random dest. ports. Can someone help me identify this?
Thanks!
--
Tom
- References:
- Tons of Source port 80 to random Dest Port Traffic
- From: Tom Hayden
- Tons of Source port 80 to random Dest Port Traffic
- Prev by Date: RE: Risk Assessment
- Next by Date: RE: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security."
- Previous by thread: Re: Tons of Source port 80 to random Dest Port Traffic
- Next by thread: Re: Tons of Source port 80 to random Dest Port Traffic
- Index(es):
Relevant Pages
|
|
