Network Security: Detailed info on Re: Tons of Source port 80 to random Dest Port Traffic

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Security-Basics

[Top] [All Lists]

Re: Tons of Source port 80 to random Dest Port Traffic

from [Deapesh Misra] Network Security

[Permanent Link]

Subject:	Re: Tons of Source port 80 to random Dest Port Traffic
Date:	Thu, 25 May 2006 14:30:55 -0400

On 5/18/06, Tom Hayden <haydenth@msu.edu> wrote:

Attached is a quick short summary of traffic my server ( xx.xx.xx.xx )
has been bombarded with lately.  It's a short dump from tethereal.  I
can't seem to figure it out - just tons and tons of traffic coming
from a source port of 80 to seemingly random dest. ports.  Can someone
help me identify this?

Thanks!

--
Tom


I wonder if it is a port scan, 'cause what would be the reason for
scanning ports above 1024?

Does the pattern repeat after hours/days ? I mean does "the host
211.7.246.248 *always*
sends a src 80 dest 3509 SYN,ACK packet" after a few hours/days ? If
there is a pattern, then we can be certain of some automation.

-deapesh.

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Tons of Source port 80 to random Dest Port Traffic, Tom Hayden Re: Tons of Source port 80 to random Dest Port Traffic, Mathew Benwell Message not available Re: Tons of Source port 80 to random Dest Port Traffic, Tom Hayden RE: Tons of Source port 80 to random Dest Port Traffic, David Gillett Re: Tons of Source port 80 to random Dest Port Traffic, ilaiy Re: Tons of Source port 80 to random Dest Port Traffic, Deapesh Misra <= Re: Tons of Source port 80 to random Dest Port Traffic, tico . wu Re: Re: Tons of Source port 80 to random Dest Port Traffic, rcarlin Re: Re: Re: Tons of Source port 80 to random Dest Port Traffic, terence . cornelius

Previous by Date:	RE: AD Policy audit tool for Windows 2000, Roger A. Grimes
Next by Date:	RE: AD Policy audit tool for Windows 2000, Crawley, Jim
Previous by Thread:	Re: Tons of Source port 80 to random Dest Port Traffic, ilaiy
Next by Thread:	Re: Tons of Source port 80 to random Dest Port Traffic, tico . wu
Indexes:	[Date] [Thread] [Top] [All Lists]