[4533] in WWW Security List Archive
Re: Ports
daemon@ATHENA.MIT.EDU (dharris@kcp.com)
Thu Feb 20 13:40:33 1997
From: dharris@kcp.com
Date: Thu, 20 Feb 1997 09:53:06 -0600
To: www-security@ns2.rutgers.edu, Martin Hack <Martin.Hack@sevensys.de>
Errors-To: owner-www-security@ns2.rutgers.edu
I was told by our firewall vendor that this is a sign of "aged" DNS packets.
The console regularly showed a series of "port probe" errors starting at a high
port address and generally incrementing through to the end of port space. Our
vendor said this was caused by a DNS request which was answered by more than one
server. After the first response the firewall considers the transaction closed
and so it closes the port. All subsequent responses are considered "port probe"
attacks.
Delmer
______________________________ Reply Separator _________________________________
Subject: Ports
Author: Martin.Hack%sevensys.de@cerberus2.kcp.com (Martin Hack) at
INTERNET-MAIL
Date: 2/18/97 4:12 PM
Hi,
during setting up our new proxy i see regulary some "strange"
ports who wanna acces our system.
I guess it has something to do with a timout which caused by the
clients.
The ports are:
64297
64022
64450
...
The starting usually at 64xxx, i suppose its whole "class" of services.
So if anyone could help me out with a hint.
Bye
Martin Hack
(yes, thats my real name)
