bad traffic??

  1. #1
    Senior Member
    Join Date
    Dec 2002
    Posts
    134

    bad traffic??

    I'm running Pure Secure IDS. I have just come to check the logs and have noticed that there are about 40 warnings of "BAD TRAFFIC tcp port 0 traffic". They all come from the same IP address, which appears to be a Norway ADSL connection.
    I have not seen this type of report before, so if anyone could shed any light on this I'd be grateful.

    mark

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    This should help.

    Port 0 OS Fingerprinting
    Port 0 is reserved for special use, as stated in RFC 1700. Coupled with the fact that this port number is reassigned by the OS, no traffic should flow over the internet using this port. As the specifics are not clear, different OSes have different ways of handling traffic using port 0, thus they can be fingerprinted.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  3. #3
    AO übergeek phishphreek
    Join Date
    Jan 2002
    Posts
    4,324
    I don't really have an answer to your question but I remember reading about something similar on bugtraq a while back.

    http://www.securityfocus.com/archive/75/319981

    That is the email that went out to the "incidents" list.

  4. #4
    Senior Member
    Join Date
    Dec 2002
    Posts
    134
    Cheers for those links.
    I've decided just to drop all packets from the IP address; still can't figure out though why there were so many attempts to connect to that port.
    mark
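
An added example, not part of the original thread: the check behind a "BAD TRAFFIC tcp port 0 traffic" alert, written in Python. It parses raw IPv4 packets, flags TCP segments whose source or destination port is 0, and tallies them per source address. The function names and the sample packets (documentation address ranges) are constructed for illustration; this is not Pure Secure's or any IDS's own rule logic.

```python
import socket
import struct
from collections import Counter

def tcp_ports(packet: bytes):
    """Return (src_ip, dst_ip, sport, dport) for an IPv4/TCP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                      # not IPv4 or truncated
    ihl = (packet[0] & 0x0F) * 4         # IP header length; options make it > 20
    if ihl < 20 or packet[9] != 6 or len(packet) < ihl + 4:
        return None                      # bad header, not TCP, or no room for ports
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if frag_offset:
        return None                      # later fragment: carries no TCP header
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]), sport, dport)

def port_zero_sources(packets):
    """Count packets per source IP whose TCP source or destination port is 0."""
    hits = Counter()
    for pkt in packets:
        parsed = tcp_ports(pkt)
        if parsed and 0 in parsed[2:]:
            hits[parsed[0]] += 1
    return hits

def build_packet(src, dst, sport, dport, proto=6, options=b""):
    """Construct a minimal IPv4 header plus 20-byte TCP header (checksums left 0)."""
    ihl_words = 5 + len(options) // 4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 1024, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0,
                     ihl_words * 4 + len(tcp), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + options + tcp

# Constructed sample traffic (documentation address ranges, not from the thread).
SAMPLE = (
    [build_packet("198.51.100.7", "192.0.2.10", 40000 + i, 0) for i in range(3)]
    + [build_packet("198.51.100.7", "192.0.2.10", 0, 80, options=b"\x01" * 4)]
    + [build_packet("203.0.113.5", "192.0.2.10", 51000, 443)]
    + [build_packet("203.0.113.9", "192.0.2.10", 0, 0, proto=17)]  # UDP, ignored
)

if __name__ == "__main__":
    for src, count in port_zero_sources(SAMPLE).most_common():
        print(f"{src}: {count} TCP packets using port 0")
```

The per-source tally is what makes a burst like the roughly 40 alerts from one address stand out from a single stray packet.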
