|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Michael Katz (mike_at_procinct.com)
Date: Tue Sep 10 2002 - 11:36:54 CDT
At 9/9/2002 08:05 PM, Arnold Yancha wrote:
>Anyone seen this kind of UDP traffic ? A client has been complaining that
>their bandwidth has been eaten significantly by this type of traffic. I
>haven't seen any solid reference to it in google. Maybe somebody on this list
>can shed some light on this. Thanks.
>
>-arnold
>
> 1 0.000000 63.217.26.35 -> xxx.xxx.xxx.235 UDP Source port: 2001
>Destination port: 2001
This behavior has been previously reported in systems compromised by an
Apache worm and reported on this list.
Check the message thread beginning at
http://lists.insecure.org/incidents/2002/Jul/0019.html for more information.
One of many news reports about the worm is available at
http://www.internetnews.com/dev-news/article.php/1379361
Michael Katz
mike
procinct.com
Procinct Security
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]