Security Incidents mailing list archives
Re: UDP flood of one of my mashines
From: Hugo van der Kooij <hvdkooij () vanderkooij org>
Date: Mon, 18 Jun 2001 22:10:46 +0200 (CEST)
On Mon, 18 Jun 2001, Alexander Newald wrote:
> On the 15th of June one of my machines got hit by a UDP flood. As I only log one entry per host per second, I can only tell that I had 1704 log entries and 457 different source IPs in 5 minutes starting from 9:21 CEST ending 9:34 CEST. All was UDP traffic with source port 7 and dest ports 326,21645,32390,58619 with most hit 21645.
The ports seem random and irrelevant. The source port is 7 and you are just getting the backwash. UDP port 7 is the echo port. It may be a portscan using your IP address as (one of the) faked source address.

Hugo.

-- 
All email sent to me is bound to the rules described on my homepage.
hvdkooij () vanderkooij org http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of sysadmins, for they are subtle and quick to anger.
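
The pattern described in the reply above (many distinct hosts answering from UDP source port 7 to scattered destination ports) can be checked against a firewall log. The following is an added example, not part of the original thread; the log line format, the sample entries and the `min_sources` threshold are assumptions.

```python
from collections import Counter

# Constructed sample entries (not from the original post), assumed format:
# "time proto src_ip:src_port -> dst_ip:dst_port"
SAMPLE_LOG = """\
09:21:03 UDP 198.51.100.7:7 -> 192.0.2.10:21645
09:21:03 UDP 198.51.100.19:7 -> 192.0.2.10:326
09:21:04 UDP 203.0.113.5:7 -> 192.0.2.10:21645
09:21:04 UDP 203.0.113.77:7 -> 192.0.2.10:32390
09:21:05 UDP 198.51.100.200:7 -> 192.0.2.10:58619
09:21:06 UDP 203.0.113.140:7 -> 192.0.2.10:21645
09:21:07 UDP 192.0.2.53:53 -> 192.0.2.10:40000
"""


def parse(line):
    """Split one entry of the assumed format into (proto, src_ip, sport, dport)."""
    _time, proto, src, _arrow, dst = line.split()
    src_ip, sport = src.rsplit(":", 1)
    dport = dst.rsplit(":", 1)[1]
    return proto, src_ip, int(sport), int(dport)


def summarize_backscatter(log_text, service_port=7, min_sources=5):
    """Summarize UDP packets that arrive *from* a service port.

    Replies from many hosts, all sent from the same well-known port to
    destination ports we never used, suggest we are receiving answers to
    requests that carried our address as a forged source.
    min_sources is an assumed threshold; tune it to the site's logging.
    """
    sources, dports = set(), Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        proto, src_ip, sport, dport = parse(line)
        if proto == "UDP" and sport == service_port:
            sources.add(src_ip)
            dports[dport] += 1
    return {
        "packets": sum(dports.values()),
        "distinct_sources": len(sources),
        "top_dest_port": dports.most_common(1)[0][0] if dports else None,
        "likely_backscatter": len(sources) >= min_sources,
    }


if __name__ == "__main__":
    print(summarize_backscatter(SAMPLE_LOG))
```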
Current thread:
- UDP flood of one of my mashines Alexander Newald (Jun 18)
- Re: UDP flood of one of my mashines Hugo van der Kooij (Jun 18)
- Re: UDP flood of one of my mashines Vitaly Osipov (Jun 19)