Security Basics mailing list archives
tcp dest port 5773 attack?
From: "Erick B." <erickbe () yahoo com>
Date: Wed, 4 Dec 2002 21:02:20 -0800 (PST)
Hi, Had a client today have a inside user apparently doing DoS attack to a 24.x.x.x address (probably some cable broadband user) and all the traffic was from multiple src IPs (maybe spoofed) to dest tcp port 5773. I didn't see a copy of the trace but I had them plug a null/blackhole host route in router to stop it then they tracked down the PC, etc. Anyway, was googling all over and checking other resources and couldn't lay my fingers on anything that uses tcp port 5773. Any one run across this before? Thanks, Erick __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com
Current thread:
- Log Analysis Niall O Malley (LMI) (Dec 02)
- RE : Log Analysis Nicolas Villatte (Dec 03)
- Re: Log Analysis Jason Dixon (Dec 03)
- RE: Log Analysis Panth3r (Dec 03)
- Re: Log Analysis Jim Geovedi (Dec 03)
- tcp dest port 5773 attack? Erick B. (Dec 05)
- Re: Log Analysis Mattias Hedenskog (Dec 03)
- <Possible follow-ups>
- RE: Log Analysis Wollenslegel, Troy (T.A.) (Dec 04)
- RE: Log Analysis Mark Palmer, CCNA (Dec 04)