|
|
|
|
Snort Forums Archive
Archive Home » General Security Discussion » Another strange TCP UDP flooding
Please note that the categories listed below represent an archived version of our forums pages. To view the current version and be able to post and reply to threads, please register and login here to go to the full forums pages.
[ Notice: Full Version of This Topic ]
Another strange TCP UDP flooding
Posted by woonioi on January 26, 2006 21:57:31
i keep on receiving this attack on port 7691 (both tcp and udp) many2 times a minute. The port is already blocked. Any idea what causes these attack ?? below is the port 7691 packets:
01/27-15:16:23.995827 1:2:13:61:48:4A -> 0:7:35:EA:B8:9F type:0x800 len:0x3C
62.178.250.168:3869 -> 123.456.789.100:7691 TCP TTL:236 TOS:0x0 ID:15036 IpLen:20 DgmLen:40
*****R** Seq: 0x0 Ack: 0x0 Win: 0x0 TcpLen: 20
01/27-15:16:24.562992 1:2:13:61:48:4A -> 0:7:35:EA:B8:9F type:0x800 len:0x3E
210.213.213.166:35872 -> 123.456.789.100:7691TCP TTL:115 TOS:0x0 ID:28726 IpLen:20 DgmLen:48 DF
******S* Seq: 0xDD05A5C7 Ack: 0x0 Win: 0xFFFF TcpLen: 28
TCP Options (4) => MSS: 1452 NOP NOP SackOK
01/27-15:16:24.884683 1:2:13:61:48:4A -> 0:7:35:EA:B8:9F type:0x800 len:0x3C
201.145.103.27:4882 -> 123.456.789.100:7691 TCP TTL:240 TOS:0x0 ID:12069 IpLen:20 DgmLen:40 DF
***A*R** Seq: 0xA696FA73 Ack: 0x0 Win: 0x0 TcpLen: 20
01/27-15:16:27.148434 1:2:13:61:48:4A -> 0:7:35:EA:B8:9F type:0x800 len:0x3E
201.145.103.27:1250 -> 123.456.789.100:7691 TCP TTL:113 TOS:0x0 ID:8545 IpLen:20 DgmLen:48 DF
******S* Seq: 0x1B589AEC Ack: 0x0 Win: 0xFAF0 TcpLen: 28
TCP Options (4) => MSS: 1452 NOP NOP SackOK
01/27-15:16:27.802427 1:2:13:61:48:4A -> 0:7:35:EA:B8:9F type:0x800 len:0x3E
210.213.213.166:35872 -> 123.456.789.100:7691 TCP TTL:115 TOS:0x0 ID:28963 IpLen:20 DgmLen:48 DF
******S* Seq: 0xDD05A5C7 Ack: 0x0 Win: 0xFFFF TcpLen: 28
TCP Options (4) => MSS: 1452 NOP NOP SackOK
|
|
|
|
|
|
