Security Basics mailing list archives

tcp dest port 5773 attack?

From: "Erick B." <erickbe () yahoo com>
Date: Wed, 4 Dec 2002 21:02:20 -0800 (PST)

Hi,

Had a client today have a inside user apparently doing
DoS attack to a 24.x.x.x address (probably some cable
broadband user) and all the traffic was from multiple
src IPs (maybe spoofed) to dest tcp port 5773. I
didn't see a copy of the trace but I had them plug a
null/blackhole host route in router to stop it then
they tracked down the PC, etc. 

Anyway, was googling all over and checking other
resources and couldn't lay my fingers on anything that
uses tcp port 5773. Any one run across this before? 

Thanks, Erick


__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com

Current thread:

Log Analysis Niall O Malley (LMI) (Dec 02)
- RE : Log Analysis Nicolas Villatte (Dec 03)
- Re: Log Analysis Jason Dixon (Dec 03)
- RE: Log Analysis Panth3r (Dec 03)
- Re: Log Analysis Jim Geovedi (Dec 03)
  - tcp dest port 5773 attack? Erick B. (Dec 05)
- Re: Log Analysis Mattias Hedenskog (Dec 03)
- <Possible follow-ups>
- RE: Log Analysis Wollenslegel, Troy (T.A.) (Dec 04)
- RE: Log Analysis Mark Palmer, CCNA (Dec 04)