starreem (Premium, join: 2000-12-22, Raleigh, NC) | reply to Link Logger
Re: attacks on port 11768?

Link Logger- I had posted a similar query earlier in the day.
»Excessive traffic on port 11768
I still have the logs if you are interested.

-- From the Depths of Lurk

kpatz (MY HEAD A SPLODE, Premium, join: 2003-06-13, Manchester, NH)

I haven't seen anything on 11768, yet. You say you're seeing these hits from private (unrouteable) IP addresses? What IPs? Can you see the TTL value in the packets? I bet they're coming from a misconfigured box on the same subnet as you. Or someone's spoofing the source IP in the scans (possible for UDP or ICMP but not likely for TCP since a handshake can't normally occur).

Also, are they TCP or UDP scans?

-- SMTP: Spam and Malware Transfer Protocol. Also used on rare occasion to transmit e-mail messages.

jamesv (Premium, join: 2003-03-08, Austin, TX)

said by kpatz:
> I haven't seen anything on 11768, yet. You say you're seeing these hits from private (unrouteable) IP addresses? What IPs? Can you see the TTL value in the packets? I bet they're coming from a misconfigured box on the same subnet as you. Or someone's spoofing the source IP in the scans (possible for UDP or ICMP but not likely for TCP since a handshake can't normally occur). Also, are they TCP or UDP scans?

The unroutable source addresses were things like 192.168.30.126. There are lots from a variety of unrelated routable IPs.

It's a TCP port. 808 probes since Jan 2 evening on MCI but only 8 since Dec 28 on Road Runner and none from SBC/Yahoo! None logged on a couple of routers I monitor on Verizon and Sprint.
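
The checks kpatz asks about (protocol, private source addresses, TTL), applied to a firewall log, as an added example that is not part of the thread. The log format, sample lines and function names are constructed for illustration, and the hop estimate assumes senders start at a TTL of 64, 128 or 255.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in a made-up firewall log format (not from the thread).
# Only 192.168.30.126 and port 11768 appear in the posts; every other address
# is taken from the documentation ranges.
SAMPLE_LOG = """\
2004-01-03T01:12:09 DROP TCP src=192.168.30.126 dst=203.0.113.10 dpt=11768 ttl=126
2004-01-03T01:12:41 DROP TCP src=198.51.100.23 dst=203.0.113.10 dpt=11768 ttl=113
2004-01-03T01:13:02 DROP TCP src=198.51.100.77 dst=203.0.113.10 dpt=11768 ttl=49
2004-01-03T01:13:30 DROP UDP src=10.4.4.9 dst=203.0.113.10 dpt=137 ttl=128
2004-01-03T01:14:18 DROP TCP src=192.168.30.126 dst=203.0.113.10 dpt=11768 ttl=126
"""

LINE_RE = re.compile(
    r"(?P<proto>TCP|UDP|ICMP) src=(?P<src>\S+) dst=\S+ dpt=(?P<dpt>\d+) ttl=(?P<ttl>\d+)")

# Explicit RFC 1918 list: ipaddress.is_private also matches documentation ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True if addr is in one of the three RFC 1918 private blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def hops_estimate(ttl):
    """Hops travelled, assuming the sender started at TTL 64, 128 or 255."""
    initial = next((t for t in (64, 128, 255) if ttl <= t), 255)
    return initial - ttl

def summarize(log_text, port):
    """Tally probes to `port`; map each private source to its hop estimates."""
    protos, private = Counter(), {}
    for m in LINE_RE.finditer(log_text):
        if int(m["dpt"]) != port:
            continue
        protos[m["proto"]] += 1
        if is_rfc1918(m["src"]):
            private.setdefault(m["src"], set()).add(hops_estimate(int(m["ttl"])))
    return {"by_proto": dict(protos), "private_sources": private}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, 11768))
```

A private source whose packets arrive only a hop or two away is consistent with a nearby misconfigured host, while a wide spread of hop estimates for one source is worth a closer look at the captures.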