Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Possible DoS attack?

Today, John Abreau gleaned this insight:

> In the meantime, we got a report from someone that the system is pounding
> their network on port 113, at roughly 50-60 request per minute. The
> excerpt from their logs looks like thes (ip addresses obscured):
>     Aug 25 08:00:14 avgo-br2 avgo-br2, list 101 denied tcp
> v2 0050.2ac2.14a0) -> yyy.yyy.yyy.yyy(113), 1 packets

Port 113 is the identd service, which allows tcp connections from clients
(which are usually themselves servers of some service) to identify the
originator of a request.  This sounds to me like it could be consistent
with a DoS attack.

To echo a sentiment of my esteemed colleague, "Why can't everyone just be

  --Paul Lussier

You know that everytime I try to go where I really want to be,
It's already where I am, cuz I'm already there...
Derek D. Martin              |  Unix/Linux Geek
ddm at |  derek at

Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at (Subject line is ignored).

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /