Richard L. Anderson writes:

> I have a FreeBSD web server that is receiving large amounts of UDP
> traffic to port 2002. Here is an example of the traffic I'm seeing
> (Source and Destination IP addresses scrubbed):

Welcome to the club... :)

We have been experiencing the same thing for a little over a week, on and off. Sometimes, there's enough incoming UDP traffic to slow access to a crawl, other times it's just a mild irritant (knowing that it's there), and other times, it's completely gone.

We were attacked via the Apache bug a few weeks ago with the UDP port 2001 floods along with it - fixed the server, removed the backdoor, and all was well for about two weeks. Then, this started all over again on port 2002. (This time, however, I don't see any evidence of an intrusion - just the UDP flooding.)

I'm not sure what this all adds up to - a lack of any similar reports made me think that we were under an "aimed specifically at you" DDoS attack, but now I'm wondering...

--Mike

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Aug 28 2002 - 10:28:30 PDT