Increase of DOS attacks using TCP src and/or dst of 0

George Herbert george.herbert at gmail.com
Wed Mar 7 22:48:10 UTC 2012


Out of curiosity -

Is it possible it's a command and control network, rather than
directly an attack?


On Wed, Mar 7, 2012 at 2:41 PM, Chris Stone <axisml at gmail.com> wrote:
> On Wed, Mar 7, 2012 at 1:45 PM, Matthew Huff <mhuff at ox.com> wrote:
>> Anyone else see a massive increase of scanning/dos with TCP source and/or
>> dst port of 0? We started seeing a massive increase today creating some
>> issue with our firewalls.
>
> Not seeing a ton of them, but do see a few logged on most all of our
> servers like:
>
> Mar  5 07:49:13 server kernel: Shorewall:logflags:DROP:IN=eth2 OUT=
> MAC=00:07:e9:0f:39:f1:00:03:31:a5:74:00:08:00 SRC=178.18.16.101
> DST=x.x.x.x LEN=56 TOS=0x00 PREC=0x00 TTL=204 ID=49665 DF PROTO=TCP
> SPT=0 DPT=0 WINDOW=37009 RES=0x14 URG ACK RST SYN FIN URGP=37422
>
> --
> Chris Stone
> AxisInternet, Inc.
> www.axint.net
>



-- 
-george william herbert
george.herbert at gmail.com
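
The Shorewall entry quoted above shows two things a firewall log can be searched for: TCP port 0 and a flag set (SYN together with FIN and RST) that no normal connection produces. As an added example, not part of the original thread, the following Python parses netfilter LOG lines of that format, lists why each TCP packet is malformed, and counts such packets per source. The sample lines, their addresses (documentation ranges) and the function names are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample lines in the netfilter LOG format quoted in the thread;
# addresses are documentation ranges, not values from the thread.
SAMPLE_LOG = """\
Mar  5 07:49:13 server kernel: Shorewall:logflags:DROP:IN=eth2 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=56 TOS=0x00 PREC=0x00 TTL=204 ID=49665 DF PROTO=TCP SPT=0 DPT=0 WINDOW=37009 RES=0x14 URG ACK RST SYN FIN URGP=37422
Mar  5 07:49:14 server kernel: Shorewall:net2fw:DROP:IN=eth2 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=1 PROTO=TCP SPT=0 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  5 07:49:15 server kernel: Shorewall:net2fw:DROP:IN=eth2 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=2 DF PROTO=TCP SPT=40112 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  5 07:49:16 server kernel: Shorewall:net2fw:DROP:IN=eth2 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=28 TOS=0x00 PREC=0x00 TTL=55 ID=3 PROTO=UDP SPT=0 DPT=53 LEN=8
"""

KV = re.compile(r"\b([A-Z]+)=(\S*)")          # KEY=value pairs (value may be empty)
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}

def parse(line):
    """Return (fields, tcp_flags) for one netfilter LOG line."""
    fields = dict(KV.findall(line))
    # TCP flags are logged as bare tokens; DF (an IP flag) is not in the set.
    flags = {tok for tok in line.split() if tok in TCP_FLAGS}
    return fields, flags

def anomalies(line):
    """List the reasons a logged TCP packet looks malformed (empty if none)."""
    fields, flags = parse(line)
    if fields.get("PROTO") != "TCP":
        return []
    why = []
    if fields.get("SPT") == "0":
        why.append("src-port-0")
    if fields.get("DPT") == "0":
        why.append("dst-port-0")
    if {"SYN", "FIN"} <= flags:
        why.append("SYN+FIN")
    if {"SYN", "RST"} <= flags:
        why.append("SYN+RST")
    return why

def summarize(log):
    """Count malformed TCP packets per source address."""
    per_src = Counter()
    for line in log.splitlines():
        if anomalies(line):
            per_src[parse(line)[0]["SRC"]] += 1
    return per_src

if __name__ == "__main__":
    for src, count in summarize(SAMPLE_LOG).most_common():
        print(src, count)
```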



