Security Incidents mailing list archives
Re: Port 7000 (Apple File Share) DoS/DDoS underway
From: Jonathan Nichols <jnichols () pbp net>
Date: Wed, 22 Sep 2004 11:18:02 -0700
David Gillett wrote:
A handful of machines, nowhere near me (network prefixes 218, 211, and 61) seem to be sending a mix of SYN-ACK and RST packets, all with a source port of 7000, to assorted (random) addresses in my public Class B range. I expect this means that someone is spoofing random source addresses -- many of them in my range, but who knows how many in others... -- and ports and SYN-flooding those half-dozen machines. So far, reverse DNS and traceroute haven't helped me identify the victims.
Apple File Protocol is actually port 548, not port 7000.If I recall correctly, afs3 is a NFS like file system by IBM.. but it's not by Apple. :)
-Jonathan
Current thread:
- Re: Port 7000 (Apple File Share) DoS/DDoS underway, (continued)
- Re: Port 7000 (Apple File Share) DoS/DDoS underway Christine Kronberg (Sep 23)
- Re: Port 7000 (Apple File Share) DoS/DDoS underway Chris Krough (Sep 22)
- Re: Port 7000 (Apple File Share) DoS/DDoS underway Chris Krough (Sep 22)
- DoS/DDoS on port 1863(MSN protocol) Diego Sebastián González (Sep 26)
- RE: DoS/DDoS on port 1863(MSN protocol) easternerd (Sep 27)
- Re: DoS/DDoS on port 1863(MSN protocol) Kevin Reardon (Sep 27)
- Re: DoS/DDoS on port 1863(MSN protocol) Tillman Hodgson (Sep 29)
- data payload in SYN (Re: DoS/DDoS on port 1863(MSN protocol)) Martin Mačok (Sep 29)
- Re: DoS/DDoS on port 1863(MSN protocol) terry white (Sep 27)
- Re: DoS/DDoS on port 1863(MSN protocol) Martin Mačok (Sep 28)