Security Basics mailing list archives

Re: Tons of Source port 80 to random Dest Port Traffic

From: "Deapesh Misra" <deapesh () gmail com>
Date: Thu, 25 May 2006 14:30:55 -0400

On 5/18/06, Tom Hayden <haydenth () msu edu> wrote:

Attached is a quick short summary of traffic my server ( xx.xx.xx.xx )
has been bombarded with lately.  It's a short dump from tethereal.  I
can't seem to figure it out - just tons and tons of traffic coming
from a source port of 80 to seemingly random dest. ports.  Can someone
help me identify this?

Thanks!

--
Tom


I wonder if it is a port scan, 'cause what would be the reason for
scanning ports above 1024?

Does the pattern repeat after hours/days ? I mean does "the host
211.7.246.248 *always*
sends a src 80 dest 3509 SYN,ACK packet" after a few hours/days ? If
there is a pattern, then we can be certain of some automation.

-deapesh.

Current thread:

Tons of Source port 80 to random Dest Port Traffic Tom Hayden (May 20)
- Re: Tons of Source port 80 to random Dest Port Traffic Mathew Benwell (May 23)
- Message not available
  - Re: Tons of Source port 80 to random Dest Port Traffic Tom Hayden (May 23)
- RE: Tons of Source port 80 to random Dest Port Traffic David Gillett (May 23)
- Re: Tons of Source port 80 to random Dest Port Traffic ilaiy (May 23)
- Re: Tons of Source port 80 to random Dest Port Traffic Deapesh Misra (May 29)
- <Possible follow-ups>
- Re: Tons of Source port 80 to random Dest Port Traffic tico . wu (May 23)
- Re: Re: Tons of Source port 80 to random Dest Port Traffic rcarlin (May 23)
- Re: Re: Re: Tons of Source port 80 to random Dest Port Traffic terence . cornelius (May 30)