Port "0" scanning
From: Fred_McGriff (fmcgriff_at_nospam.com)
Date: 09/12/03
- Next message: LabRat: "Re: Hacking made easy"
- Previous message: Doctor J. Frink: "Re: M$ attack on Common Sense"
- Next in thread: The Saint: "Re: Port "0" scanning"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 12 Sep 2003 15:28:50 GMT
We are noticing a massive increase in connections from Port "8" on external
machines to Port "0" on our machine. We are getting roughly 4,000 per day.
My logs suggest most of the increase is from computers on our DSL subnet. A
sample entry is:
<SAMPLE>
Sep 9 01:02:50 hurl kernel: Packet log: input ACCEPT eth0 PROTO=1
xxx.xxx.xxx.xxx:8 xxx.xxx.xxx.xxx:0 L=92 S=0x00 I=59720 F=0x0000 T=125 (#5)
<END SAMPLE>
I have tried scanning my ports externally and get reports that the port is
not available. My computer is running SUSE Linux 7.2 with the firewall
running. Interestingly, our WinXP boxes do not show the same kind of
activity in their logs.
I really have two questions.
Is there a way to stop ACCEPTing these connections?
Activity increased after the latest email virus hit. Is it possible this
kind of activity is part of a denial of service attack which is not intended
to cripple specific machines, but to cripple the internet in general? We are
experiencing an overall sluggishness in internet responsiveness in recent
days.
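
Added example, not part of the original post: in an ipchains "Packet log" entry with PROTO=1 (ICMP), the two ":N" fields hold the ICMP type and code rather than ports, so ":8" to ":0" is an echo request (ping), code 0. The parser below decodes such lines and counts accepted echo requests per source; the sample lines and their addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Field order of an ipchains "Packet log" entry, as in the sample above.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+)\s+"
    r"(?P<src>[\d.]+):(?P<f1>\d+)\s+(?P<dst>[\d.]+):(?P<f2>\d+)\s+"
    r"L=(?P<length>\d+)"
)
ICMP_NAMES = {(0, 0): "echo reply", (8, 0): "echo request (ping)"}

def parse(line):
    """Return a dict for one log line, or None if it is not a packet log entry."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = {"action": m["action"], "proto": int(m["proto"]),
           "src": m["src"], "dst": m["dst"], "length": int(m["length"])}
    f1, f2 = int(m["f1"]), int(m["f2"])
    if rec["proto"] == 1:
        # ICMP has no ports: ipchains prints type and code in those positions.
        rec["icmp_type"], rec["icmp_code"] = f1, f2
        rec["meaning"] = ICMP_NAMES.get((f1, f2), "other ICMP")
    else:
        rec["sport"], rec["dport"] = f1, f2
    return rec

def ping_sources(lines):
    """Count accepted ICMP echo requests per source address."""
    hits = Counter()
    for line in lines:
        rec = parse(line)
        if rec and rec.get("icmp_type") == 8 and rec["action"] == "ACCEPT":
            hits[rec["src"]] += 1
    return hits

# Constructed sample lines (documentation addresses, not taken from the post).
_TAIL = " S=0x00 I=59720 F=0x0000 T=125 (#5)"
SAMPLE = [
    "Sep 9 01:02:50 hurl kernel: Packet log: input ACCEPT eth0 PROTO=1 192.0.2.10:8 198.51.100.5:0 L=92" + _TAIL,
    "Sep 9 01:02:51 hurl kernel: Packet log: input ACCEPT eth0 PROTO=1 192.0.2.10:8 198.51.100.5:0 L=92" + _TAIL,
    "Sep 9 01:02:55 hurl kernel: Packet log: input ACCEPT eth0 PROTO=1 192.0.2.77:8 198.51.100.5:0 L=92" + _TAIL,
    "Sep 9 01:03:02 hurl kernel: Packet log: input ACCEPT eth0 PROTO=6 192.0.2.33:1025 198.51.100.5:80 L=60" + _TAIL,
]

if __name__ == "__main__":
    for src, n in ping_sources(SAMPLE).most_common():
        print(f"{src}: {n} accepted echo requests")
```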