[150913] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Increase of DOS attacks using TCP src and/or dst of 0

daemon@ATHENA.MIT.EDU (Chris Stone)
Wed Mar 7 17:41:51 2012

In-Reply-To: <483E6B0272B0284BA86D7596C40D29F901928959AA9D@PUR-EXCH07.ox.com>
Date: Wed, 7 Mar 2012 15:41:00 -0700
From: Chris Stone <axisml@gmail.com>
To: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Wed, Mar 7, 2012 at 1:45 PM, Matthew Huff <mhuff@ox.com> wrote:
> Anyone else see a massive increase of scanning/dos with TCP source and/or
> dst port of 0? We started seeing a massive increase today creating some
> issue with our firewalls.

Not seeing a ton of them, but do see a few logged on most all of our
server like:

Mar  5 07:49:13 server kernel: Shorewall:logflags:DROP:IN=eth2 OUT=
MAC=00:07:e9:0f:39:f1:00:03:31:a5:74:00:08:00 SRC=178.18.16.101
DST=x.x.x.x LEN=56 TOS=0x00 PREC=0x00 TTL=204 ID=49665 DF PROTO=TCP
SPT=0 DPT=0 WINDOW=37009 RES=0x14 URG ACK RST SYN FIN URGP=37422





-- 
Chris Stone
AxisInternet, Inc.
www.axint.net


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[150913] in North American Network Operators' Group

Re: Increase of DOS attacks using TCP src and/or dst of 0

daemon@ATHENA.MIT.EDU (Chris Stone)Wed Mar 7 17:41:51 2012

daemon@ATHENA.MIT.EDU (Chris Stone)
Wed Mar 7 17:41:51 2012