[Dshield] Source Port 7000

Jon R. Kibler Jon.Kibler at aset.com
Sat Apr 22 22:00:29 GMT 2006


Valdis.Kletnieks at vt.edu wrote:
> 
> On Fri, 21 Apr 2006 13:47:14 EDT, "Jon R. Kibler" said:
> 
> > Apr 16 02:47:09 border6837 list 110 denied tcp 218.66.104.175(7000) -> x.x.60.42(12914), 1 packet
> 
> Do you happen to have a tcpdump or other capture of the problematic packets? It
> would be very helpful to see what the TCP flag bits, in particular, are set to.
> The diagnosis of this is *very* different if you're getting back SYN+ACK packets
> versus SYN versus RST/FIN/etc...

Wish I could easily capture this info! Plan to upgrade these routers over the summer, and the newer routers/IOS version will make it easier to capture TCP flags.

Jon
-- 
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC  USA
(843) 849-8214




==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.



More information about the list mailing list