NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Incidents> 2000-10

Subject: TCP connections to port 1024 - DDoS?
From: Abe Getchell (agetchelKDE.STATE.KY.US)
Date: Mon Oct 23 2000 - 09:13:00 CDT

Next message: Jeremy Gaddis: "Re: RedHat 6.2 boxes root'ed, shitc.tgz installed"
Previous message: Mike Worman: "Re: Connection from unknown"
Next in thread: Mike Lewinski: "Re: TCP connections to port 1024 - DDoS?"
Reply: Mike Lewinski: "Re: TCP connections to port 1024 - DDoS?"
Reply: Abe Getchell: "Re: TCP connections to port 1024 - DDoS?"
Reply: Turpin, Jason: "Re: TCP connections to port 1024 - DDoS?"
Reply: Bowman, Kevin: "Re: TCP connections to port 1024 - DDoS?"
Reply: Turpin, Jason: "Re: TCP connections to port 1024 - DDoS?"
Reply: Dave Dittrich: "Re: TCP connections to port 1024 - DDoS?"
Reply: Dave Dittrich: "Re: TCP connections to port 1024 - DDoS?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hey all,
Has anybody seen some kind of odd DDoS attack in which a number of
zombie machines try and open TCP connections to port 1024 on the target
machine? Saw some of these coming in over the last week and this weekend,
and I wanted to see if this is anything that I should be concerned about.
There hasn't been enough traffic to kill the server or clog any pipes, but
I'm concerned that there could be eventually... or that there's something
else going on here that I'm not aware of! =O

Thanks,
Abe

Abe L. Getchell - Security Engineer
Division of System Support Services
Kentucky Department of Education
Voice 502-564-2020x225
E-mail agetchelkde.state.ky.us
Web http://www.kde.state.ky.us/

Next message: Jeremy Gaddis: "Re: RedHat 6.2 boxes root'ed, shitc.tgz installed"
Previous message: Mike Worman: "Re: Connection from unknown"
Next in thread: Mike Lewinski: "Re: TCP connections to port 1024 - DDoS?"
Reply: Mike Lewinski: "Re: TCP connections to port 1024 - DDoS?"
Reply: Abe Getchell: "Re: TCP connections to port 1024 - DDoS?"
Reply: Turpin, Jason: "Re: TCP connections to port 1024 - DDoS?"
Reply: Bowman, Kevin: "Re: TCP connections to port 1024 - DDoS?"
Reply: Turpin, Jason: "Re: TCP connections to port 1024 - DDoS?"
Reply: Dave Dittrich: "Re: TCP connections to port 1024 - DDoS?"
Reply: Dave Dittrich: "Re: TCP connections to port 1024 - DDoS?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]