Subject: Re: TCP connections to port 1024 - DDoS?
From: Abe Getchell (agetchel@KDE.STATE.KY.US)
Date: Mon Oct 23 2000 - 13:58:25 CDT
- Next message: James Cox: "Re: Strange file I received"
- Previous message: Abe Getchell: "Possible Port 1024 DDoS - More Information"
- Maybe in reply to: Abe Getchell: "TCP connections to port 1024 - DDoS?"
- Next in thread: Turpin, Jason: "Re: TCP connections to port 1024 - DDoS?"
- Maybe reply: Abe Getchell: "Re: TCP connections to port 1024 - DDoS?"
Hi Jason,
Care to share the source IP addresses? Hopefully there is a common
batch of addresses we are seeing this from. We got hammered this weekend;
there were over 100,000 connections attempted. The IP addresses didn't
reverse resolve to any domain names and an IP whois search didn't tell me
who they belonged to. Knowing that there are more folks who are seeing
this doesn't make me feel very good...
Thanks,
Abe
Abe L. Getchell - Security Engineer
Division of System Support Services
Kentucky Department of Education
Voice 502-564-2020x225
E-mail agetchel@kde.state.ky.us
Web http://www.kde.state.ky.us/
> -----Original Message-----
> From: Turpin, Jason [mailto:jturpin@chematch.com]
> Sent: Monday, October 23, 2000 2:23 PM
> To: 'agetchel@KDE.STATE.KY.US'; INCIDENTS@SECURITYFOCUS.COM
> Subject: RE: TCP connections to port 1024 - DDoS?
>
>
> I am seeing the same thing the last couple of days. It comes from about 100
> IPs and targets my Mail Servers on port 1024. There are approximately 254
> attempts in less than 10 seconds from these 100 IPs.
>
> -----Original Message-----
> From: Abe Getchell [mailto:agetchel@KDE.STATE.KY.US]
> Sent: Monday, October 23, 2000 9:13 AM
> To: INCIDENTS@SECURITYFOCUS.COM
> Subject: TCP connections to port 1024 - DDoS?
>
>
> Hey all,
> Has anybody seen some kind of odd DDoS attack in which a number of
> zombie machines try and open TCP connections to port 1024 on the target
> machine? Saw some of these coming in over the last week and this weekend,
> and I wanted to see if this is anything that I should be concerned about.
> There hasn't been enough traffic to kill the server or clog any pipes, but
> I'm concerned that there could be eventually... or that there's something
> else going on here that I'm not aware of! =O
>
> Thanks,
> Abe
>
> Abe L. Getchell - Security Engineer
> Division of System Support Services
> Kentucky Department of Education
> Voice 502-564-2020x225
> E-mail agetchel@kde.state.ky.us
> Web http://www.kde.state.ky.us/
>