Educause Security Discussion mailing list archives
Re: Traffic to UDP Port 80
From: Curt Wilson <curtw () SIU EDU>
Date: Fri, 26 Oct 2007 10:23:58 -0500
Babb, Robert wrote:
Hi, I've seen a couple of instances where a MAC is sending huge amounts of traffic to a computer in the netherlands. Source port always UDP 57xxx and the dest. port is always UDP port 80. Has anybody else ever seen this? Anybody know what could cause it?
We saw a UDP port 80 flood outbound from a compromised host some time back. It was an OSX box that was compromised and some flooding tools installed. Not sure why those chose UDP 80. -- Curt Wilson IT Network Security Officer Southern Illinois University Carbondale 618-453-6237 GnuPG key: http://www.infotech.siu.edu/security/curtw.pub.asc
Current thread:
- Traffic to UDP Port 80 Babb, Robert (Oct 26)
- <Possible follow-ups>
- Re: Traffic to UDP Port 80 John Kristoff (Oct 26)
- Re: Traffic to UDP Port 80 Matthew Gracie (Oct 26)
- Re: Traffic to UDP Port 80 Andres Almanza (Oct 26)
- Re: Traffic to UDP Port 80 RLVaughn (Oct 26)
- Re: Traffic to UDP Port 80 Curt Wilson (Oct 26)
- FW: Traffic to UDP Port 80 Babb, Robert (Oct 26)