Security Incidents mailing list archives
RE: odd scans?
From: "Bamm (Robert) Visscher" <rvisscher () saball com>
Date: 28 May 2002 10:21:30 -0500
Mike, I have seen syn floods of both types (targeting a single port and targeting all/many ports). I am not sure why an attacker would target all ports. There may be a way to consume resources of certain OSes in this manner, it may just be a blatant bandwidth attack, or it could even be poor execution of a DoS attack (ie broken code). Bammkkkk On Fri, 2002-05-24 at 15:51, Scott, Michael R. wrote:
that crossed my mind, but the random source port threw me off. I would expect most DOS attacks to target a daemon port, unless just a general bandwidth DOS was the goal. Thoughts? thanks for the reply, by the way Mike
-- Bamm (Robert) Visscher Senior Engineer, Managed Network Security Operations Ball Aerospace & Technologies Corp. http://www.ball.com/aerospace/index.html rvisscher () saball com Desk: 210.734.5070 x107 Mobile: 210.240.5950
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- odd scans? Scott, Michael R. (May 24)
- Re: odd scans? Kyle R. Hofmann (May 24)
- Re: odd scans? Brett Glass (May 29)
- Re: odd scans? Matt Zimmerman (May 24)
- Re: odd scans? Bamm (Robert) Visscher (May 24)
- <Possible follow-ups>
- RE: odd scans? Smith, Donald (May 26)
- RE: odd scans? Bamm (Robert) Visscher (May 28)
- Re: odd scans? Kyle R. Hofmann (May 24)