On Mon, 28 Jan 2002, Gary Flynn wrote:

> Chris Wilkes wrote:
> >
> > I recently moved and changed IP addresses within my ISP's block and two
> > IP addresses from mediaone.net and home.com hit me a couple of times a
> > minute with a UDP request to port 500.
>
> Code Red and Nimda infected machines will reportedly generate port
> 500 traffic.

Port 500 is NOT part of CodeRed. I doubt that Nimda uses them.
I get hit enough by them but just on port 80.

To get a feel of what a normal XS4ALL ADSL server gets hit by, have a look at:
http://hvdkooij.xs4all.nl/fwlog/
Only SMTP and HTTP are normal traffic and not logged there.

Hugo.

--
All email sent to me is bound to the rules described on my homepage.
hvdkooijat_private http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.
This archive was generated by hypermail 2b30 : Mon Jan 28 2002 - 13:34:24 PST