[AusNOG] port 0 probes
Roland Dobbins
rdobbins at arbor.net
Tue Oct 7 12:11:20 EST 2014
On Oct 7, 2014, at 7:51 AM, Joshua D'Alton <joshua at railgun.com.au> wrote:
> From my research it is spoofed traffic and malformed packets potentially. I've seen it mostly in larger DDoS but it could be from other things.
We're seeing a spate of DDoS attacks utilizing this flavor of malformed traffic, at the moment (TCP/0 is a reserved port, and routers shouldn't forward it, but they do); various nonsensical flag combos, as well.
----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Equo ne credite, Teucri.
-- Laocoön
More information about the AusNOG
mailing list