Hi, Anyone seen this kind of UDP traffic ? A client has been complaining that their bandwidth has been eaten significantly by this type of traffic. I haven't seen any solid reference to it in google. Maybe somebody on this list can shed some light on this. Thanks. -arnold 1 0.000000 63.217.26.35 -> xxx.xxx.xxx.235 UDP Source port: 2001 Destination port: 2001 0000 00 00 00 00 00 01 00 03 fe 34 28 20 08 00 45 00 .........4( ..E. 0010 00 44 45 52 00 00 37 11 8a 18 3f d9 1a 23 xx xx .DER..7...?..#.W 0020 xx eb 07 d1 07 d1 00 30 93 14 26 00 00 00 73 bd .......0..&...s. 0030 ff 37 28 00 00 00 9e ad cf f4 05 00 00 00 00 00 .7(............. 0040 00 00 74 00 00 00 00 00 00 00 00 00 00 00 00 00 ..t............. 0050 00 00 .. 2 0.003603 63.217.26.35 -> xxx.xxx.xxx.234 UDP Source port: 2001 Destination port: 2001 0000 00 00 00 00 00 01 00 03 fe 34 28 20 08 00 45 00 .........4( ..E. 0010 00 48 45 da 00 00 37 11 89 8d 3f d9 1a 23 xx xx .HE...7...?..#.W 0020 xx ea 07 d1 07 d1 00 34 ed b5 26 00 00 00 16 65 .......4..&....e 0030 5e 09 2c 00 00 00 b1 35 dd 85 05 00 00 00 00 00 ^.,....5........ 0040 00 00 71 00 00 00 00 00 00 00 04 00 00 00 00 00 ..q............. 0050 00 00 c3 da ba ea ...... 3 0.007376 63.217.26.26 -> xxx.xxx.xxx.235 UDP Source port: 2001 Destination port: 2001 0000 00 00 00 00 00 01 00 03 fe 34 28 20 08 00 45 00 .........4( ..E. 0010 00 44 ae 8c 00 00 37 11 20 e7 3f d9 1a 1a xx xx .D....7. .?....W 0020 xx eb 07 d1 07 d1 00 30 13 40 26 00 00 00 bb 78 .......0.@&....x 0030 27 4a 28 00 00 00 4e da 2f d8 05 00 00 00 00 00 'J(...N./....... 0040 00 00 74 00 00 00 00 00 00 00 00 00 00 00 00 00 ..t............. 0050 00 00 .. 4 0.010812 63.217.26.26 -> xxx.xxx.xxx.235 UDP Source port: 2001 Destination port: 2001 0000 00 00 00 00 00 01 00 03 fe 34 28 20 08 00 45 00 .........4( ..E. 0010 00 44 ae bc 00 00 37 11 20 b7 3f d9 1a 1a xx xx .D....7. .?....W 0020 xx eb 07 d1 07 d1 00 30 67 38 26 00 00 00 9d 46 .......0g8&....F 0030 ea 7d 28 00 00 00 16 30 6f 88 05 00 00 00 00 00 .}(....0o....... 0040 00 00 74 00 00 00 00 00 00 00 00 00 00 00 00 00 ..t............. 0050 00 00 .. 5 0.013111 63.217.26.35 -> xxx.xxx.xxx.235 UDP Source port: 2001 Destination port: 2001 0000 00 00 00 00 00 01 00 03 fe 34 28 20 08 00 45 00 .........4( ..E. 0010 00 48 45 ec 00 00 37 11 89 7a 3f d9 1a 23 xx xx .HE...7..z?..#.W 0020 xx eb 07 d1 07 d1 00 34 ed b4 26 00 00 00 16 65 .......4..&....e 0030 5e 09 2c 00 00 00 b1 35 dd 85 05 00 00 00 00 00 ^.,....5........ 0040 00 00 71 00 00 00 00 00 00 00 04 00 00 00 00 00 ..q............. 0050 00 00 c3 da ba ea ...... 6 0.013115 63.217.26.26 -> xxx.xxx.xxx.234 UDP Source port: 2001 Destination port: 2001 0000 00 00 00 00 00 01 00 03 fe 34 28 20 08 00 45 00 .........4( ..E. 0010 00 48 b0 24 00 00 37 11 1f 4c 3f d9 1a 1a xx xx .H.$..7..L?....W 0020 xx ea 07 d1 07 d1 00 34 ed be 26 00 00 00 16 65 .......4..&....e 0030 5e 09 2c 00 00 00 b1 35 dd 85 05 00 00 00 00 00 ^.,....5........ 0040 00 00 71 00 00 00 00 00 00 00 04 00 00 00 00 00 ..q............. 0050 00 00 c3 da ba ea ...... ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Sep 10 2002 - 08:56:44 PDT