At 9/9/2002 08:05 PM, Arnold Yancha wrote:
>Anyone seen this kind of UDP traffic? A client has been complaining that
>their bandwidth has been eaten significantly by this type of traffic. I
>haven't seen any solid reference to it in google. Maybe somebody on this list
>can shed some light on this. Thanks.
>
>-arnold
>
> 1 0.000000 63.217.26.35 -> xxx.xxx.xxx.235 UDP Source port: 2001 Destination port: 2001

This behavior has been previously reported in systems compromised by an Apache worm and reported on this list. Check the message thread beginning at http://lists.insecure.org/incidents/2002/Jul/0019.html for more information.

One of many news reports about the worm is available at http://www.internetnews.com/dev-news/article.php/1379361

Michael Katz
mikeat_private
Procinct Security

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com