Re: UDP flood of one of my mashines

From: Hugo van der Kooij (hvdkooijat_private)
Date: Mon Jun 18 2001 - 13:10:46 PDT

Next message: Derek Kwan: "Re: 2300 FTP accesses from Korea"

Previous message: Rafael Coninck Teigao: "Strange stuff on logs, followed by reboot"
In reply to: Alexander Newald: "UDP flood of one of my mashines"
Next in thread: Vitaly Osipov: "Re: UDP flood of one of my mashines"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 18 Jun 2001, Alexander Newald wrote:

> on the 15. of June on of my mashines got hit by a udp flood.
>
> As I only log one entry per host per secound I only can tell that I had
> 1704 logentries and 457 diffrent source ip's in 5 minutes starting from
> 9:21 cest ending 9:34 cest. All was udp traffic with source port 7 and
> dest ports 326,21645,32390,58619 with most hit 21645.

The ports seem random and irrelevant. The source port is 7 and you are
just getting the backwash. UDP port 7 is the echo port.

It may be a portscan using your IP adres as (one of the) faked source
address.

Hugo.

-- 
All email send to me is bound to the rules described on my homepage.
    hvdkooijat_private		http://hvdkooij.xs4all.nl/
	    Don't meddle in the affairs of sysadmins,
	    for they are subtle and quick to anger.

Next message: Derek Kwan: "Re: 2300 FTP accesses from Korea"
Previous message: Rafael Coninck Teigao: "Strange stuff on logs, followed by reboot"
In reply to: Alexander Newald: "UDP flood of one of my mashines"
Next in thread: Vitaly Osipov: "Re: UDP flood of one of my mashines"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jun 18 2001 - 19:55:28 PDT