From: Jason Giglio (jgiglionetmar.com)
Date: Thu Nov 08 2001 - 12:38:45 CST

    On Thu, 08 Nov 2001 12:55:04 -0500
    Joshua Wright <Joshua.Wrightjwu.edu> wrote:

    > I am working with some folks at a partner network who are seeing a SYN flood
    > attack to a single destination address.
    >
    > The interesting characteristic is the destination port is sequential - each
    > phase of attack starting at 3039 and ending around 34431.
    >
    > I checked the source for synful.c, syn4k.c and a few others - all seem to
    > use a random or fixed destination port. Any ideas on what tool this could
    > be?
    >

    Synful.c... syn4k.c... Those are C source files right?

    Two lines of code change that random or fixed port into a sequential port attack. I don't think For loops are over the heads of most script kiddies.

    > Thanks.
    >
    > -Joshua Wright, GCIH
    > Joshua.Wrightjwu.edu
    >
    > ----------------------------------------------------------------------------
    > This list is provided by the SecurityFocus ARIS analyzer service.
    > For more information on this free incident handling, management
    > and tracking system please see: http://aris.securityfocus.com
    >

    -- 
    Jason Giglio
    Information Technology Coordinator, Smyth Companies, Bedford VA
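
Added example, not part of either message and not taken from any tool named in the thread: one way a defender could flag the traffic pattern described above (SYNs to a single destination whose port climbs sequentially, in repeated phases) from SYN records pulled out of flow or packet logs. The record layout, function names, thresholds and the documentation-range addresses are assumptions made for this example. Source addresses are not used for grouping, on the assumption that the flood does not come from one stable source.

```python
from collections import defaultdict

def sequential_port_runs(syns, min_run=20, max_step=1, max_noise=3):
    """Report runs of SYNs to one host whose destination port climbs per packet.

    syns: (timestamp, src_ip, dst_ip, dst_port) tuples, SYN-only packets.
    max_step > 1 tolerates packets the sensor missed; max_noise is how many
    unrelated SYNs (real clients) may interrupt a run before it is closed.
    Returns [(dst_ip, first_port, last_port, packets, distinct_sources)]."""
    by_dst = defaultdict(list)
    for ts, src, dst, dport in syns:
        by_dst[dst].append((ts, src, dport))
    found = []
    for dst, pkts in by_dst.items():
        pkts.sort(key=lambda p: p[0])          # time order per destination
        run, prev, noise = None, None, 0       # run = [first, last, packets, sources]

        def close():
            if run and run[2] >= min_run:
                found.append((dst, run[0], run[1], run[2], len(run[3])))

        for _ts, src, port in pkts:
            if run and 1 <= port - run[1] <= max_step:
                run[1], run[2] = port, run[2] + 1
                run[3].add(src)
                prev, noise = None, 0
            elif prev and 1 <= port - prev[0] <= max_step:
                close()                        # stray packet + this one open a new phase
                run, prev, noise = [prev[0], port, 2, {prev[1], src}], None, 0
            else:
                prev, noise = (port, src), noise + 1
                if noise > max_noise:          # too much unrelated traffic: run is over
                    close()
                    run = None
        close()
    return found

def constructed_sample():
    """Constructed records, not captured traffic: two sequential phases against
    192.0.2.10 (starting at port 3039) with ordinary web SYNs mixed in."""
    recs, t = [], 0.0
    for phase in range(2):
        for i, port in enumerate(range(3039, 3089 - 20 * phase)):
            recs.append((t, f"198.51.100.{i % 250 + 1}", "192.0.2.10", port))
            t += 0.001
            if i % 10 == 9:                    # a real client connects mid-flood
                recs.append((t, "203.0.113.7", "192.0.2.10", 80))
                recs.append((t, "203.0.113.8", "192.0.2.20", 443))
                t += 0.001
    return recs
```

Each phase is reported as its own run, so the first and last port of every phase can be compared across the incident; a fixed-port flood produces no runs at all.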
    
