Re: UDP port 500 traffic from two clients

From: Hugo van der Kooij (hvdkooijat_private)
Date: Mon Jan 28 2002 - 13:25:42 PST

  • Next message: Toni Heinonen: "RE: UDP port 500 traffic from two clients"

    On Mon, 28 Jan 2002, Gary Flynn wrote:
    
    > Chris Wilkes wrote:
    > > 
    > > I recently moved and changed IP addresses within my ISP's block and two
    > > IP addresses from mediaone.net and home.com hit me a couple of times a
    > > minute with a UDP request to port 500.
    > 
    > Code Red and Nimda infected machines will reportedly generate port 
    > 500 traffic.
    
    Port 500 is NOT part of CodeRed. I doubt that nimda uses them.
    
    I get hit enough by them but just on port 80. To get a feel of what a 
    normal XS4ALL ADSL server get hit by have a look at: 
    http://hvdkooij.xs4all.nl/fwlog/
    
    Only SMTP and HTTP is normal traffic and not logged there.
    
    Hugo.
    
    -- 
    All email send to me is bound to the rules described on my homepage.
        hvdkooijat_private		http://hvdkooij.xs4all.nl/
    	    Don't meddle in the affairs of sysadmins,
    	    for they are subtle and quick to anger.
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Mon Jan 28 2002 - 13:34:24 PST