Security Incidents mailing list archives

Re: Port 7000 (Apple File Share) DoS/DDoS underway

From: Jonathan Nichols <jnichols () pbp net>
Date: Wed, 22 Sep 2004 11:18:02 -0700

David Gillett wrote:

  A handful of machines, nowhere near me (network prefixes
218, 211, and 61) seem to be sending a mix of SYN-ACK and
RST packets, all with a source port of 7000, to assorted
(random) addresses in my public Class B range.

  I expect this means that someone is spoofing random source
addresses -- many of them in my range, but who knows how many
in others... -- and ports and SYN-flooding those half-dozen
machines.

  So far, reverse DNS and traceroute haven't helped me identify
the victims.


Apple File Protocol is actually port 548, not port 7000.

If I recall correctly, afs3 is a NFS like file system by IBM.. but it'snot by Apple. :)


-Jonathan

Current thread:

Re: Port 7000 (Apple File Share) DoS/DDoS underway, (continued)
- - - Re: Port 7000 (Apple File Share) DoS/DDoS underway Christine Kronberg (Sep 23)
  - Re: Port 7000 (Apple File Share) DoS/DDoS underway Chris Krough (Sep 22)
    - Re: Port 7000 (Apple File Share) DoS/DDoS underway Chris Krough (Sep 22)
    - DoS/DDoS on port 1863(MSN protocol) Diego Sebastián González (Sep 26)
    - RE: DoS/DDoS on port 1863(MSN protocol) easternerd (Sep 27)
    - Re: DoS/DDoS on port 1863(MSN protocol) Kevin Reardon (Sep 27)
    - Re: DoS/DDoS on port 1863(MSN protocol) Tillman Hodgson (Sep 29)
    - data payload in SYN (Re: DoS/DDoS on port 1863(MSN protocol)) Martin Mačok (Sep 29)
    - Re: DoS/DDoS on port 1863(MSN protocol) terry white (Sep 27)
    - Re: DoS/DDoS on port 1863(MSN protocol) Martin Mačok (Sep 28)
  - Re: Port 7000 (Apple File Share) DoS/DDoS underway Jonathan Nichols (Sep 23)
- Re: Yahoo Account hacking xploitable (Sep 21)