UDP flood on port 2001

From: Arnold Yancha (alyanchaat_private)
Date: Mon Sep 09 2002 - 20:05:20 PDT

    Hi,
    
    Anyone seen this kind of UDP traffic? A client has been complaining that 
    their bandwidth has been eaten significantly by this type of traffic. I 
    haven't seen any solid reference to it in Google. Maybe somebody on this list 
    can shed some light on this. Thanks.
    
    -arnold
    
      1   0.000000 63.217.26.35 -> xxx.xxx.xxx.235 UDP Source port: 2001  Destination port: 2001
    
    0000  00 00 00 00 00 01 00 03 fe 34 28 20 08 00 45 00   .........4( ..E.
    0010  00 44 45 52 00 00 37 11 8a 18 3f d9 1a 23 xx xx   .DER..7...?..#.W
    0020  xx eb 07 d1 07 d1 00 30 93 14 26 00 00 00 73 bd   .......0..&...s.
    0030  ff 37 28 00 00 00 9e ad cf f4 05 00 00 00 00 00   .7(.............
    0040  00 00 74 00 00 00 00 00 00 00 00 00 00 00 00 00   ..t.............
    0050  00 00                                             ..
    
      2   0.003603 63.217.26.35 -> xxx.xxx.xxx.234 UDP Source port: 2001  Destination port: 2001
    
    0000  00 00 00 00 00 01 00 03 fe 34 28 20 08 00 45 00   .........4( ..E.
    0010  00 48 45 da 00 00 37 11 89 8d 3f d9 1a 23 xx xx   .HE...7...?..#.W
    0020  xx ea 07 d1 07 d1 00 34 ed b5 26 00 00 00 16 65   .......4..&....e
    0030  5e 09 2c 00 00 00 b1 35 dd 85 05 00 00 00 00 00   ^.,....5........
    0040  00 00 71 00 00 00 00 00 00 00 04 00 00 00 00 00   ..q.............
    0050  00 00 c3 da ba ea                                 ......
    
      3   0.007376 63.217.26.26 -> xxx.xxx.xxx.235 UDP Source port: 2001  Destination port: 2001
    
    0000  00 00 00 00 00 01 00 03 fe 34 28 20 08 00 45 00   .........4( ..E.
    0010  00 44 ae 8c 00 00 37 11 20 e7 3f d9 1a 1a xx xx   .D....7. .?....W
    0020  xx eb 07 d1 07 d1 00 30 13 40 26 00 00 00 bb 78   .......0.@&....x
    0030  27 4a 28 00 00 00 4e da 2f d8 05 00 00 00 00 00   'J(...N./.......
    0040  00 00 74 00 00 00 00 00 00 00 00 00 00 00 00 00   ..t.............
    0050  00 00                                             ..
    
      4   0.010812 63.217.26.26 -> xxx.xxx.xxx.235 UDP Source port: 2001  Destination port: 2001
    
    0000  00 00 00 00 00 01 00 03 fe 34 28 20 08 00 45 00   .........4( ..E.
    0010  00 44 ae bc 00 00 37 11 20 b7 3f d9 1a 1a xx xx   .D....7. .?....W
    0020  xx eb 07 d1 07 d1 00 30 67 38 26 00 00 00 9d 46   .......0g8&....F
    0030  ea 7d 28 00 00 00 16 30 6f 88 05 00 00 00 00 00   .}(....0o.......
    0040  00 00 74 00 00 00 00 00 00 00 00 00 00 00 00 00   ..t.............
    0050  00 00                                             ..
    
      5   0.013111 63.217.26.35 -> xxx.xxx.xxx.235 UDP Source port: 2001  Destination port: 2001
    
    0000  00 00 00 00 00 01 00 03 fe 34 28 20 08 00 45 00   .........4( ..E.
    0010  00 48 45 ec 00 00 37 11 89 7a 3f d9 1a 23 xx xx   .HE...7..z?..#.W
    0020  xx eb 07 d1 07 d1 00 34 ed b4 26 00 00 00 16 65   .......4..&....e
    0030  5e 09 2c 00 00 00 b1 35 dd 85 05 00 00 00 00 00   ^.,....5........
    0040  00 00 71 00 00 00 00 00 00 00 04 00 00 00 00 00   ..q.............
    0050  00 00 c3 da ba ea                                 ......
    
      6   0.013115 63.217.26.26 -> xxx.xxx.xxx.234 UDP Source port: 2001  Destination port: 2001
    
    0000  00 00 00 00 00 01 00 03 fe 34 28 20 08 00 45 00   .........4( ..E.
    0010  00 48 b0 24 00 00 37 11 1f 4c 3f d9 1a 1a xx xx   .H.$..7..L?....W
    0020  xx ea 07 d1 07 d1 00 34 ed be 26 00 00 00 16 65   .......4..&....e
    0030  5e 09 2c 00 00 00 b1 35 dd 85 05 00 00 00 00 00   ^.,....5........
    0040  00 00 71 00 00 00 00 00 00 00 04 00 00 00 00 00   ..q.............
    0050  00 00 c3 da ba ea                                 ......
    
    

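A triage aid for the capture above, added here as an example and not part of the original post: it parses two of the pasted frames, decodes the IPv4/UDP headers, and reads the payload as little-endian 32-bit words to show which fields stay constant between packets. The word layout is an assumption, since the post does not identify the protocol, and the function names are illustrative.

```python
import struct

# Frames 1 and 2 copied from the post; "xx" marks bytes the poster redacted.
DUMP = """
0000  00 00 00 00 00 01 00 03 fe 34 28 20 08 00 45 00   .........4( ..E.
0010  00 44 45 52 00 00 37 11 8a 18 3f d9 1a 23 xx xx   .DER..7...?..#.W
0020  xx eb 07 d1 07 d1 00 30 93 14 26 00 00 00 73 bd   .......0..&...s.
0030  ff 37 28 00 00 00 9e ad cf f4 05 00 00 00 00 00   .7(.............
0040  00 00 74 00 00 00 00 00 00 00 00 00 00 00 00 00   ..t.............
0050  00 00                                             ..
0000  00 00 00 00 00 01 00 03 fe 34 28 20 08 00 45 00   .........4( ..E.
0010  00 48 45 da 00 00 37 11 89 8d 3f d9 1a 23 xx xx   .HE...7...?..#.W
0020  xx ea 07 d1 07 d1 00 34 ed b5 26 00 00 00 16 65   .......4..&....e
0030  5e 09 2c 00 00 00 b1 35 dd 85 05 00 00 00 00 00   ^.,....5........
0040  00 00 71 00 00 00 00 00 00 00 04 00 00 00 00 00   ..q.............
0050  00 00 c3 da ba ea                                 ......
"""

def frames(dump):
    """Split the hex dump into frames; a new frame starts at offset 0000."""
    out = []
    for line in dump.strip().splitlines():
        offset, rest = line.split(None, 1)
        if offset == "0000":
            out.append([])
        # The hex column ends at the 3-space gap before the ASCII column.
        for tok in rest.split("   ")[0].split():
            out[-1].append(None if tok == "xx" else int(tok, 16))
    return out

def decode(frame):
    """Decode Ethernet II / IPv4 / UDP; return (src, dst, dport, payload)."""
    ip = frame[14:]                       # skip the 14-byte Ethernet II header
    udp = ip[(ip[0] & 0x0F) * 4:]         # IHL gives the IPv4 header length
    _, dport, ulen = struct.unpack("!HHH", bytes(udp[:6]))
    addr = lambda b: ".".join("x" if o is None else str(o) for o in b)
    return addr(ip[12:16]), addr(ip[16:20]), dport, bytes(udp[8:ulen])

def summarize(dump):
    """Per frame: src, dst, dport, payload length, and payload words 0, 2 and 4."""
    rows = []
    for src, dst, dport, payload in map(decode, frames(dump)):
        # Assumption: the unknown payload is a run of little-endian 32-bit words.
        w = struct.unpack("<%dI" % (len(payload) // 4), payload[:len(payload) // 4 * 4])
        rows.append((src, dst, dport, len(payload), w[0], w[2], w[4]))
    return rows

if __name__ == "__main__":
    for row in summarize(DUMP):
        print(row)
```

In both frames the third payload word equals the UDP payload length (40 and 44 bytes), while the first and fifth words are fixed at 38 and 5, which gives a payload pattern to match on when filtering the traffic or searching for a reference to it.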

