Security Incidents mailing list archives

Wierd UDP packets

From: Devdas Bhagat <devdas () worldgatein net>
Date: Wed, 14 Feb 2001 16:10:25 +0530

Feb 14 15:49:39 ns1 kernel: Packet log: input DENY eth0 PROTO=17
144.16.64.112:39398 a.b.c.d:33465 L=38 S=0x00 I=39429 F=0x0000
T=1 (#24) 
(The values of I increase serially, T increases by 1 every third packet)

I have got this wierd UDP scan from 144.16.64.112:39398 to UDP ports in
the range 33467 to 39398.
I have never seen this range in UDP before (TCP, yes, seen this type of
scanning). Looks like an automated tool, but I can't figure out why
these high ports. Any known trojans/scans in this range?

Devdas Bhagat
--
Time washes clean
Love's wounds unseen.
That's what someone told me;
But I don't know what it means.
                -- Linda Ronstadt, "Long Long Time"

Current thread:

Wierd UDP packets Devdas Bhagat (Feb 14)
- Re: Wierd UDP packets Tapio Sokura (Feb 14)
- Re: Wierd UDP packets Blake Frantz (Feb 14)