Several (see http://diswww.mit.edu/charon/nanog/52239) have noticed Slapper using UDP port 4156 today (and apparently yesterday as well as I can see from netflow logs). I've also noticed a Slapper variant apparently using UDP port 1978 today as well (one of our hosts on which Slapper is no longer active is continuing to receive UDP packets to and from port 1978 from many Internet sites). H. Morrow Long University Information Security Officer Director, Information Security Office Yale University, ITS ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Sep 22 2002 - 16:58:36 PDT