Date: Wed Aug 24 05:18:36 2005
From: rvarada at gmail.com (Rajesh)
Subject: Port 8041 Syn flood

Jackson McKinley wrote:

>Dshield is showing a down swing..  have you got packet captures?
>
>http://isc.sans.org/port_details.php?port=8041&repax=1&tarax=2&srcax=2&percent=N&days=70
>
I haven't found much correlation between what dshield usually shows and 
the traffic that we get. It is very possible that these packets are 
specifically targeted against our servers. I was trying to make sure 
that this is not a known attack vector or a developing attack path.

Glad to know that no one else is seeing this problem.

What I am getting is a lot of SYN packets to port 8041. Nothing else yet.
0000  00 00 xx xx xx xx 00 xx xx xx xx xx 00 45 00   ...v.... f%.p..E.
0010  00 30 1a 6c 40 00 76 06  8c dc xx xx xx xx xx xx   .0.l@.v. .......S
0020  xx xx 06 36 1f 69 cb 1f  34 9f 00 00 00 00 70 02   )..6.i.. 4.....p.
0030  40 00 c0 41 00 00 02 04  05 b4 01 01 04 02         @..A.... ...... 


Thanks
Rajesh

>On Tue, Aug 23, 2005 at 09:39:39AM +0530, Rajesh wrote:
>
>>Hi All,
>>
>>Is anyone else seeing a very large increase of SYN packets coming to 
>>port 8041 over the last couple of days. It is coming from different 
>>addresses to most of my machines in separate networks. I couldn't find 
>>information about any services that use port 8041 yet. So for now I am 
>>assuming that this is just a SYN flood. Can anyone else shed some more 
>>light into this?
>>
>>Thanks
>>Rajesh
>>
>>    
>>
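
Added example, not part of the original message: a small Python decoder for the IPv4 and TCP headers in the hex dump above, to confirm what the capture contains (flags, ports, TCP options, payload length). The function names are hypothetical, and the eight address bytes masked as "xx" in the post are filled with 00 as placeholders.

```python
import struct

# IPv4 + TCP bytes from the dump in the message, starting at the IP header (45 00 ...).
# The masked "xx" address bytes are replaced with 00 (placeholder, not real addresses).
PACKET = bytes.fromhex(
    "4500 0030 1a6c 4000 7606 8cdc 0000 0000 0000 0000"
    "0636 1f69 cb1f 349f 0000 0000 7002 4000 c041 0000"
    "0204 05b4 0101 0402"
)
FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]
OPTION_NAMES = {2: "MSS", 3: "WSCALE", 4: "SACK_PERMITTED", 8: "TIMESTAMP"}

def parse_tcp_options(raw):
    """Walk the kind/length/value option list; reject lengths that overrun."""
    opts, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:            # End of Option List
            break
        if kind == 1:            # NOP is a single byte with no length field
            opts.append(("NOP", b""))
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed TCP option")
        length = raw[i + 1]
        opts.append((OPTION_NAMES.get(kind, f"kind{kind}"), raw[i + 2:i + length]))
        i += length
    return opts

def decode_ipv4_tcp(pkt):
    """Decode the fields that matter when triaging a suspected SYN flood."""
    if len(pkt) < 40:
        raise ValueError("too short for IPv4 + TCP headers")
    ver_ihl, _tos, total_len, _id, frag, ttl, proto = struct.unpack("!BBHHHBB", pkt[:10])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or proto != 6 or ihl < 20 or len(pkt) < ihl + 20:
        raise ValueError("not an IPv4/TCP packet")
    sport, dport, seq, ack, off_flags, window = struct.unpack("!HHIIHH", pkt[ihl:ihl + 16])
    doff = (off_flags >> 12) * 4
    if doff < 20 or ihl + doff > len(pkt):
        raise ValueError("bad TCP data offset")
    return {
        "total_len": total_len, "ttl": ttl, "df": bool(frag & 0x4000),
        "sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": window,
        "flags": [n for bit, n in enumerate(FLAG_NAMES) if off_flags & (1 << bit)],
        "options": parse_tcp_options(pkt[ihl + 20:ihl + doff]),
        "payload_len": total_len - ihl - doff,
    }
```

On the posted bytes this yields a bare SYN to port 8041 with no payload, which matches the description in the message.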
