Security Incidents mailing list archives
Re: Large quantity of traffic from amazon.com - source_port 3000
From: tsx () NETSCAPE NET (Chris)
Date: Sat, 15 Jan 2000 19:25:28 MET
Hi,
A user here was innocently browsing amazon.com, when our firewall log here just starts filling up with traffic to his machine, from about 5 different IP addresses in a network owned by amazon.com (208.192.209.102) TCP traffic, ports all above 17xx, with source port of 3000. What stuck out is because the traffic was denied by the firewall, the hosts and traffic just kept on coming and coming...
I've saw the same type of traffic trigger off firewall alerts on one of our customers firewalls. The traffic came from the below 3 ip's and was targeted to random ports > 1800 < 2000. The src port seems to be within the same range here. 208.192.209.204 208.192.209.203 208.192.209.201 When examining the outgoing logs I found that a user was browsing amazon.com at that time when those connections occured. I thought it's probably any kind of load or traffic balancer seeking knowledge ... But one would expect to find a running httpd on one of those ip's - nope. If anybody else can shed some light on what's happening ? Could this be caused by extremly slow connections as mentioned in 375FC499.C319ECAD () sover net">http://www.securityfocus.com/templates/archive.pike?list=19&date=1999-06-8&msg=375FC499.C319ECAD () sover net</A> Cheers, Christoph Schneeberger SCS Telemedia cschnee \at\ telemedia.ch ____________________________________________________________________ Get your own FREE, personal Netscape WebMail account today at http://webmail.netscape.com.
Current thread:
- Re: Large quantity of traffic from amazon.com - source_port 3000 Chris (Jan 15)
- Re: Large quantity of traffic from amazon.com - source_port 3000 Joseph Geyer (Jan 17)
- <Possible follow-ups>
- Re: Large quantity of traffic from amazon.com - source_port 3000 Dominique Brezinski (Jan 15)
- Re: Large quantity of traffic from amazon.com - source_port 3000 Andrew Steingruebl (Jan 18)
- Re: Large quantity of traffic from amazon.com - source_port 3000 Dominique Brezinski (Jan 18)
- Re: Large quantity of traffic from amazon.com - source_port 3000 Robert Graham (Jan 19)
- Socks port 1080 Heman Leopando (Jan 20)
- Re: Socks port 1080 Russell Fulton (Jan 20)
- I was scaned C. (Jan 20)
- Re: I was scaned Robert Graham (Jan 22)
- Re: I was scaned Jose Nazario (Jan 23)
- Re: Large quantity of traffic from amazon.com - source_port 3000 Andrew Steingruebl (Jan 18)