Re: Tons of Source port 80 to random Dest Port Traffic
- From: "Deapesh Misra" <deapesh@xxxxxxxxx>
- Date: Thu, 25 May 2006 14:30:55 -0400
On 5/18/06, Tom Hayden <haydenth@xxxxxxx> wrote:
Attached is a quick short summary of traffic my server ( xx.xx.xx.xx )
has been bombarded with lately. It's a short dump from tethereal. I
can't seem to figure it out - just tons and tons of traffic coming
from a source port of 80 to seemingly random dest. ports. Can someone
help me identify this?
Thanks!
--
Tom
I wonder if it is a port scan, 'cause what would be the reason for
scanning ports above 1024?
Does the pattern repeat after hours/days ? I mean does "the host
211.7.246.248 *always*
sends a src 80 dest 3509 SYN,ACK packet" after a few hours/days ? If
there is a pattern, then we can be certain of some automation.
-deapesh.
- References:
- Tons of Source port 80 to random Dest Port Traffic
- From: Tom Hayden
- Tons of Source port 80 to random Dest Port Traffic
- Prev by Date: RE: AD Policy audit tool for Windows 2000
- Next by Date: asp source code exposure
- Previous by thread: Re: Tons of Source port 80 to random Dest Port Traffic
- Next by thread: Re: Tons of Source port 80 to random Dest Port Traffic
- Index(es):
Relevant Pages
|
