|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Strange UDP traffic
From: Ed Padin (epadin
WAGWEB.COM)Date: Fri Apr 14 2000 - 10:35:58 CDT
- Next message: Frank Knobbe at Home: "Re: Port 27015"
- Previous message: Robert Graham: "Re: sadmind hack?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi,
I'm seeing some strange traffic on the inside of my network going to a Linux
ipmasqued firewall. Where x.x.x.x is the inside (private address range) of
my firewall I see the traffic below. The traffic comes from a 0.0.0.0
address which is disconerting. I'm not sure that any legit UDP traffic
except for Bootp/dhcp should be coming from a zero address. I'm not familiar
with any UDP exploits on these ports. The inside network has only Windoz 98
boxen and a Cisco router leading to another WAN. Any ideas?
Note: all below is UDP
Source IP Source Port Dest IP Dest Port
--------- ----------- ------- ---------
0.0.0.0 1985 x.x.x.x 3143
0.0.0.0 1986 x.x.x.x 3143
0.0.0.0 1987 x.x.x.x 3143
0.0.0.0 1988 x.x.x.x 3143
0.0.0.0 1486 x.x.x.x 3906
0.0.0.0 1487 x.x.x.x 3906
0.0.0.0 1488 x.x.x.x 1970
0.0.0.0 1489 x.x.x.x 1970
0.0.0.0 1490 x.x.x.x 1970
0.0.0.0 1491 x.x.x.x 1970
And so on....
- Next message: Frank Knobbe at Home: "Re: Port 27015"
- Previous message: Robert Graham: "Re: sadmind hack?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]