[Dshield] Source Port 7000
eslerj at gmail.com
Sat Apr 22 01:38:12 GMT 2006
Someone is doing a DOS of an IRC server in china (or several) on port
7000, they are spoofing your IP's, and therefore, when the response
comes back to your actual addresses, you are seeing the results.
On Apr 21, 2006, at 5:55 PM, Valdis.Kletnieks at vt.edu wrote:
> On Fri, 21 Apr 2006 13:47:14 EDT, "Jon R. Kibler" said:
>> Apr 16 02:47:09 border6837 list 110 denied tcp 184.108.40.206
>> (7000) -> x.x.60.42(12914), 1 packet
> Do you happen to have a tcpdump or other capture of the problematic
> packets? It
> would be very helpful to see what the TCP flag bits, in particular,
> are set to.
> The diagnosis of this is *very* different if you're getting back SYN
> +ACK packets
> versus SYN versus RST/FIN/etc...
> Learn about Intrusion Detection in Depth from the comfort of your
> own couch:
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see: http://
More information about the list