OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: TCP connections to port 1024 - DDoS?
From: Arrigo Triulzi (arrigoALBOURNE.COM)
Date: Tue Oct 24 2000 - 16:23:04 CDT


Turpin, Jason scripsit:
|I am seeing the same thing the last couple of days. It comes from about 100
|ip's and targets my Mail Servers on port 1024. There are approximately 254
|attempts in less than 10 seconds from these 100 ip's

You might want to consider the fact that some boxes, Linux for
example, often use 1024 as the first port for outgoing connections.
This might be an attempt to "get back" at you in some way on a waiting
connection, man-in-the-middle?

Just a quick thought.

Arrigo