Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Tons of Source port 80 to random Dest Port Traffic

from [David Gillett] Network Security [Permanent Link]
Subject: RE: Tons of Source port 80 to random Dest Port Traffic
Date: Mon, 22 May 2006 10:15:30 -0700 
  I see that all the time, mostly SYN-ACK packets (i.e., looks
like a response from a server to a machine on my network, except
where's the SYN from my net?).

Possibility 1:

  Remote servers are under SYN-flood attack using spoofed source
addresses.  Since your address was spoofed, you get the attacked 
server's reesponse attempt(s).

Possibility 2:

  I have occasionally seen IE appear to get fooled by this, and
enter into a TCP session that it didn't really initiate.  This
might be an attack verctor against other IE bugs.

David Gillett

 


-----Original Message-----
From: thayden@gmail.com [mailto:thayden@gmail.com] On Behalf 
Of Tom Hayden
Sent: Thursday, May 18, 2006 8:03 AM
To: security-basics@securityfocus.com
Subject: Tons of Source port 80 to random Dest Port Traffic

Attached is a quick short summary of traffic my server ( 
xx.xx.xx.xx ) has been bombarded with lately.  It's a short 
dump from tethereal.  I can't seem to figure it out - just 
tons and tons of traffic coming from a source port of 80 to 
seemingly random dest. ports.  Can someone help me identify this?

Thanks!

--
Tom
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Risk Assessment, David Gillett
Next by Date:  RE: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security.", Robinson, Sonja
Previous by Thread:  Re: Tons of Source port 80 to random Dest Port Traffic, Tom Hayden
Next by Thread:  Re: Tons of Source port 80 to random Dest Port Traffic, ilaiy
Indexes:  [Date] [Thread] [Top] [All Lists]