|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: UDP Probes (?) from port 28432 to 28431 ?
From: Alexander Schreiber (Alexander.Schreiber
INFORMATIK.TU-CHEMNITZ.DE)Date: Tue Mar 07 2000 - 08:12:27 CST
- Next message: thomas lakofski: "Re: getting to the point with DDoS"
- Previous message: Klaus Moeller: "UDP Probes (?) from port 28432 to 28431 ?"
- In reply to: Xander Jansen: "UDP Probes (?) from port 28432 to 28431 ?"
- Reply: Alexander Schreiber: "Re: UDP Probes (?) from port 28432 to 28431 ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi !
On Sat, 4 Mar 2000, Xander Jansen wrote:
> Has anyone seen UDP subnet-sweeps to port 28431 ? We've received a few
> reports the last months about rather persistent and recurring subnet-scans
> targetted at this specific port. All the probes are short UDP packets with
> source port 28432 and destination port 28431. Typical pattern is also that
> within a few seconds a complete subnet (/24 for example) is probed on this
Yes, a client of mine has two IP which are visible on the outside and they
are regularly receiving these probes (not exactly - the firewall on the border
is logging and dropping those packets). First detected on Jan 4 00:17:35
(MET), 27 attempts today, last Mar 6 19:41:25 (MET). The packets aimed
at the two visible IP's come in within one second.
Sources are Dialups all over the world (including one from the
Arabian Emirates) - as usual.
Regards,
Alex.
-- ------------------------------------------------------------------------------ EMail : als
- Next message: thomas lakofski: "Re: getting to the point with DDoS"
- Previous message: Klaus Moeller: "UDP Probes (?) from port 28432 to 28431 ?"
- In reply to: Xander Jansen: "UDP Probes (?) from port 28432 to 28431 ?"
- Reply: Alexander Schreiber: "Re: UDP Probes (?) from port 28432 to 28431 ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]