Security Incidents mailing list archives
Re: Odd Increase in Malformed Packets Aimed at Port 0
From: "Steve Porter" <crusher () naisp net>
Date: Wed, 19 Oct 2005 12:16:27 -0400
These are happening on Windows networks, with SonicWall firewalls, but I'll see what I can cobble together to get more detailed packet info. I'm pretty sure this is indicative of some new virus/exploit or something along those lines, simply due to the sheer volume of these alerts I've been getting. They started at home, on a cablemodem system, and then slowly they began popping up at work as well, two completely unrelated networks.
When I'm able to get something along the lines of a tcpdump (or equiv), I'll post here.
Thanks, - Steve ------ Original Message ----- From: "Jose Nazario" <jose () monkey org>
To: <crusher () spamcop net> Cc: <incidents () securityfocus com> Sent: Wednesday, October 19, 2005 12:03 PM Subject: Re: Odd Increase in Malformed Packets Aimed at Port 0
could be fragmented traffic. can you secure a tcpdump log of the traffic? that will reveal more attributes of the traffic than the firewall logs you shared. another poster here was discussing a recent spike in fragmented UDP traffic, too. ________ jose nazario, ph.d. jose () monkey org http://monkey.org/~jose/ http://infosecdaily.net/ http://www.wormblog.com/
Current thread:
- Odd Increase in Malformed Packets Aimed at Port 0 crusher (Oct 19)
- Re: Odd Increase in Malformed Packets Aimed at Port 0 Jose Nazario (Oct 19)
- Re: Odd Increase in Malformed Packets Aimed at Port 0 Steve Porter (Oct 19)
- RE: Odd Increase in Malformed Packets Aimed at Port 0 Geo. (Oct 19)
- <Possible follow-ups>
- Re: RE: Odd Increase in Malformed Packets Aimed at Port 0 crusher (Oct 19)
- Re: Odd Increase in Malformed Packets Aimed at Port 0 Jose Nazario (Oct 19)