Security Basics mailing list archives
Source Port 0 Host Sweep
From: JM <ubahmapk () gmail com>
Date: Fri, 7 Jan 2005 10:32:41 -0600
I am receiving some alerts on our IntruShield IPS of a few internal hosts "TCP: ACK Host Sweep"ing the network. All sweeps have dest port 80 and (more interestingly) source port 0. I'm familiar with Host Sweeps and port 80 and know that port 0 is a valid port, but I've never seen anything actually _use_ it. I have googled and searched all the archives I could find and haven't seen anything describing this behaviour.

I want to send our HW techs to the machines (all Windows PCs) and have them cleaned, but I can't even tell them what to look for. Does anyone know of any app/malware/virus that causes this sort of Host Sweep?

JM