Security Incidents mailing list archives
Re: Unusual UDP access attempts.
From: bejtlich () ALTAVISTA NET (Richard Bejtlich)
Date: Mon, 22 May 2000 12:09:50 -0000
Hello, I'm not sure what uses those ports, although the similarity between source and destination makes me consider a Trojan or master-slave relationship. SANS GIAC has entries on this activity dating to 25 Dec 99, with many interesting detects on 28 Dec 99 and later: http://www.sans.org/y2k/122599.htm http://www.sans.org/y2k/122899-9.htm http://www.sans.org/y2k/122899-1130.htm http://www.sans.org/y2k/122899-1230.htm http://www.sans.org/y2k/122899-1700.htm Richard --- I've been seeing an unusual number of blocked UDP packets at my firewall recently, the source port always being 28432 and the dest. port always being 28431. ... Aussie
Current thread:
- Unusual UDP access attempts. Aussie (May 20)
- Re: Unusual UDP access attempts. Richard Bejtlich (May 22)