Re: Port 7000 (Apple File Share) DoS/DDoS underway

Are these attacks successfully DoS-ing OSX clients?

David Gillett wrote:
> A handful of machines, nowhere near me (network prefixes
> 218, 211, and 61) seem to be sending a mix of SYN-ACK and
> RST packets, all with a source port of 7000, to assorted
> (random) addresses in my public Class B range.
>
> I expect this means that someone is spoofing random source
> addresses -- many of them in my range, but who knows how many
> in others... -- and ports and SYN-flooding those half-dozen
> machines.
>
> So far, reverse DNS and traceroute haven't helped me identify
> the victims.
>
> Dave Gillett
>

-- 
Chris Krough
IT Specialist
Help Desk: nbc-help_at_lists.vet.upenn.edu
Personal: ckrough_at_vet.upenn.edu
610.925.6222
University of Pennsylvania New Bolton Center
382 W. Street Rd
Kennett Square, PA 19348