Attempted DOS attack or something else?

I seem to be getting a lot of portscans to port 0 over the last few weeks.
I was wondering if anyone else noticed the same? What is it? DOS attack? A
new windows virus?

Here's a portsentry log for the past couple of days.
As you can see, it's always to UDP port 0. Weird! ;)

1099327816 - 11/01/2004 16:50:16 Host: pyc030000018.lancs.ac.uk/148.88.91.28 Port: 0 UDP Blocked
1099327954 - 11/01/2004 16:52:34 Host: ACA8DBC7.ipt.aol.com/172.168.219.199 Port: 0 UDP Blocked
1099346779 - 11/01/2004 22:06:19 Host: alb-24-195-240-153.nycap.rr.com/24.195.240.153 Port: 0 UDP Blocked
1099350852 - 11/02/2004 00:14:12 Host: Ottawa-HSE-ppp261109.sympatico.ca/64.230.30.48 Port: 0 UDP Blocked
1099351491 - 11/02/2004 00:24:51 Host: boitelle-1-82-66-126-115.fbx.proxad.net/82.66.126.115 Port: 0 UDP Blocked
1099351574 - 11/02/2004 00:26:14 Host: cs242794-127.houston.rr.com/24.27.94.127 Port: 0 UDP Blocked
1099395908 - 11/02/2004 12:45:08 Host: d9-88.rb2.jax.centurytel.net/69.29.160.88 Port: 0 UDP Blocked
1099395982 - 11/02/2004 12:46:22 Host: dhcp16641011.neo.rr.com/24.166.41.11 Port: 0 UDP Blocked
1099396022 - 11/02/2004 12:47:02 Host: i231235.upc-i.chello.nl/62.195.231.235 Port: 0 UDP Blocked
1099396047 - 11/02/2004 12:47:27 Host: wbar104.lax1-4.31.114.50.lax1.dsl-verizon.net/4.31.114.50 Port: 0 UDP Blocked
1099396122 - 11/02/2004 12:48:42 Host: 65.173.37.3/65.173.37.3 Port: 0 UDP Blocked
1099396839 - 11/02/2004 13:00:39 Host: 69.106.137.119/69.106.137.119 Port: 0 UDP Blocked
1099397428 - 11/02/2004 13:10:28 Host: ACBE3B1D.ipt.aol.com/172.190.59.29 Port: 0 UDP Blocked
1099425545 - 11/02/2004 20:59:05 Host: host31-144.pool81120.interbusiness.it/81.120.144.31 Port: 135 UDP Blocked
1099429527 - 11/02/2004 22:05:27 Host: ppp-67-126-131-184.dsl.irvnca.pacbell.net/67.126.131.184 Port: 0 UDP Blocked
1099432719 - 11/02/2004 22:58:39 Host:S0106000d612615da.rd.shawcable.net/24.64.74.248 Port: 0 UDP Blocked

--
Jafar Calley
-----BEGIN GEEK CODE BLOCK-----
d+ s-:+ a C++++ L++ E--- W++ N++ w-- PE- t* 5++ R+ !tv D+ G e* h---- x?
------END GEEK CODE BLOCK------
Registered Linux User #359623
http://fatcat.homelinux.org

On Sat, 13 Nov 2004 15:19:47 -0500, jafar wrote:

> I seem to be getting a lot of portscans to port 0 over the last few
> weeks. I was wondering if anyone else noticed the same? What is it? DOS
> attack? A new windows virus?
>
> Here's a portsentry log for the past couple of days. As you can see,
> it's always to UDP port 0. Weird! ;)
>
Someone here told me not too long ago that port 0 scans (IIRC) are often
used in OS detction scans.

The log entries that you posted appear to be dated 11/01 and 11/02, and
you say they are "for the past couple of days." That was almost 2 weeks
ago, ... i think.

--
n e w s b o x /AT/ c u s t o m e r s - o f - a d e l p h i a (dot) o r g

I demand that on Sun, 14 Nov 2004 01:07:22 -0500, Newsbox may or may not
have written:

> On Sat, 13 Nov 2004 15:19:47 -0500, jafar wrote:
>
>> I seem to be getting a lot of portscans to port 0 over the last few
>> weeks. I was wondering if anyone else noticed the same? What is it? DOS
>> attack? A new windows virus?
>>
>> Here's a portsentry log for the past couple of days. As you can see,
>> it's always to UDP port 0. Weird! ;)
>>
> Someone here told me not too long ago that port 0 scans (IIRC) are often
> used in OS detction scans.

Thanks. That makes me feel a little better ;)

> The log entries that you posted appear to be dated 11/01 and 11/02, and
> you say they are "for the past couple of days." That was almost 2 weeks
> ago, ... i think.

I just went back for a second look. That was just what I had open on the
terminal on which I was browsing the log. I suppose I should have scrolled
down to post more recent scans but it doesn't matter now. :)
cheers!

--
Jafar Calley
-----BEGIN GEEK CODE BLOCK-----
d+ s-:+ a C++++ L++ E--- W++ N++ w-- PE- t* 5++ R+ !tv D+ G e* h---- x?
------END GEEK CODE BLOCK------
Registered Linux User #359623
http://fatcat.homelinux.org