[Dshield] Source Port 7000

Valdis.Kletnieks@vt.edu Valdis.Kletnieks at vt.edu
Fri Apr 21 21:55:53 GMT 2006


On Fri, 21 Apr 2006 13:47:14 EDT, "Jon R. Kibler" said:

> Apr 16 02:47:09 border6837 list 110 denied tcp 218.66.104.175(7000) -> x.x.60.42(12914), 1 packet

Do you happen to have a tcpdump or other capture of the problematic packets? It
would be very helpful to see what the TCP flag bits, in particular, are set to.
The diagnosis of this is *very* different if you're getting back SYN+ACK packets
versus SYN versus RST/FIN/etc...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/list/attachments/20060421/347a1552/attachment.bin


More information about the list mailing list