Hosting Provided By

lots of port 0 scannings

From: SB CH <chulmin2(at)hotmail.com>
Date: Sun Apr 27 2003 - 20:51:58 EDT

Hello, all.

I found lots of port 0 traffic from various conuntry these days like this.

[**] [1:524:5] BAD TRAFFIC tcp port 0 traffic [**]
[Classification: Misc activity] [Priority: 3] 04/27-05:55:01.306781 65.57.56.46:0 -> 211.1.x.x:6588 TCP TTL:112 TOS:0x0 ID:464 IpLen:20 DgmLen:40 DF ******S* Seq: 0x95AF4 Ack: 0x0 Win: 0x200 TcpLen: 20

is there any special way or tool to use port 0 in order to scan?

and what's the meaning about this scan?

[**] [116:55:1] (snort_decoder): Truncated Tcp Options [**]
04/26-23:51:08.004547 211.230.86.34:0 -> 211.1.x.x:0 TCP TTL:120 TOS:0x0 ID:38672 IpLen:20 DgmLen:48 DF ******S* Seq: 0xD563D9DB Ack: 0x0 Win: 0x4000 TcpLen: 28

the source port and dest port is 0 alike.

Thanks in advance.

°í.. °¨.. µµ.. »ç.. ¶û.. ¸¸.. µé.. ±â.. MSN ·¯ºê http://www.msn.co.kr/love/

Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. http://www.securityfocus.com/BlackHat-incidents

Received on Mon Apr 28 13:15:26 2003

Do you need help?

This message: [ Message body ]
Next message: Keith: "RE: New attack or old Vulnerability Scanner?"
Previous message: Frank Knobbe: "Re: New CodeRed strain?"
Next in thread: Brad Doctor: "Re: lots of port 0 scannings"
Reply: Brad Doctor: "Re: lots of port 0 scannings"
Reply: Neil Dickey: "Re: lots of port 0 scannings"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:04 EDT