|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Joshua Wright (Joshua.Wright
jwu.edu)Date: Thu Nov 08 2001 - 11:55:04 CST
I am working with some folks at a partner network who are seeing a SYN flood
attack to a single destination address.
The interesting characteristic is the destination port is sequential - each
phase of attack starting at 3039 and ending arouind 34431.
I checked the source for synful.c, syn4k.c and a few others - all seem to
use a random or fixed destination port. Any ideas on what tool this could
be?
Thanks.
-Joshua Wright, GCIH
Joshua.Wrightjwu.edu
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]