[Dshield] Increase in probes *from* port 80, to random ports
jlauro at umflint.edu
Mon Jun 17 17:04:06 GMT 2002
You leave out some very important information:
1) what sort of connectivity do you have?
We have a class B with up to 100mb peek.
2) in what context is this happening -- single user, firewall for a
LAN, how many/what sort of users behind the firewall, if that's the
A firewall for a campus network covering a dozen buildings, thousands
of machines, etc... Most servers centrally managed, the few servers
that are not are centrally registered...
We have student labs, faculty/staff offices, and servers behind the
3) are these tcp SYN packets, or ACK's, or ACK-RST's -- or some other
76% are ACK SYN
6% ACK RST
18% just ACK
More information about the list