Security Incidents mailing list archives

Re: UDP flood of one of my mashines

From: Hugo van der Kooij <hvdkooij () vanderkooij org>
Date: Mon, 18 Jun 2001 22:10:46 +0200 (CEST)

On Mon, 18 Jun 2001, Alexander Newald wrote:

on the 15. of June on of my mashines got hit by a udp flood.

As I only log one entry per host per secound I only can tell that I had
1704 logentries and 457 diffrent source ip's in 5 minutes starting from
9:21 cest ending 9:34 cest. All was udp traffic with source port 7 and
dest ports 326,21645,32390,58619 with most hit 21645.


The ports seem random and irrelevant. The source port is 7 and you are
just getting the backwash. UDP port 7 is the echo port.

It may be a portscan using your IP adres as (one of the) faked source
address.

Hugo.

-- 
All email send to me is bound to the rules described on my homepage.
    hvdkooij () vanderkooij org         http://hvdkooij.xs4all.nl/
            Don't meddle in the affairs of sysadmins,
            for they are subtle and quick to anger.

Current thread:

UDP flood of one of my mashines Alexander Newald (Jun 18)
- Re: UDP flood of one of my mashines Hugo van der Kooij (Jun 18)
- Re: UDP flood of one of my mashines Vitaly Osipov (Jun 19)