Re: Tons of Source port 80 to random Dest Port Traffic

I would say .. Just include the IP in you hosts.deny or deny that ip
address at your firewall ..may be for a day ..

./thanks
ilaiy

On 5/18/06, Tom Hayden <haydenth@xxxxxxx> wrote:
Attached is a quick short summary of traffic my server ( xx.xx.xx.xx )
has been bombarded with lately. It's a short dump from tethereal. I
can't seem to figure it out - just tons and tons of traffic coming
from a source port of 80 to seemingly random dest. ports. Can someone
help me identify this?

Thanks!

--
Tom



Relevant Pages

  • Re: After the hack and upgrade
    ... > line within an hour of the breakin. ... > I also installed novell 9.2, turned on the firewall ... > The firewall drops tons and tons of packets...and I ... Longhorn error#4711: TCPA / NGSCP VIOLATION: Microsoft optical mouse ...
    (comp.os.linux.security)
  • Re: Tons of Source port 80 to random Dest Port Traffic
    ... As a resolution to the above issue: ... It's a short dump from tethereal. ... > can't seem to figure it out - just tons and tons of traffic coming ... > from a source port of 80 to seemingly random dest. ...
    (Security-Basics)
  • Re: IPChains bug or DoS?
    ... the firewall should never use a source port other ... forwards the connection to 443 on the web server. ...
    (comp.os.linux.security)
  • Re: UDP packet being blocked
    ... > which is the one that shows up in my firewall log. ... My firewall blocks the UDP packet ... The source port can be anything. ... That is not interesting as it is the correct DNS server. ...
    (comp.security.firewalls)
  • RE: Increase in TCP 6129 (Dameware) scans?
    ... firewall drops unauthorized SYN packets, ... the 2 or 3 tries that most applications requesting TCP ... Also, with the single source port, I bet these scans ... Do you Yahoo!? ...
    (Incidents)