Security Incidents mailing list archives
UDP Traceroutes?
From: "Portnoy, Gary" <gportnoy () BELENOSINC COM>
Date: Mon, 19 Mar 2001 10:42:31 -0500
Hello,

In the last few days I've noticed a few interesting anomalies which look like they could be a particular breed of traceroute, but I didn't want to just discount them as that. Traceroute's default destination is port UDP 33434, increasing by one with every packet sent. I've been seeing various sources tracerouting to me with destination ports below 111 and always terminating at 111. They usually reach me with dest port somewhere in the 90's and always increase till 111 (UDP). The sources are 128.9.160.210, 141.213.10.128, 192.88.114.82, 193.10.66.138. See below:

17Mar2001 3:41:36 udp 128.9.160.210:4922 a.b.c.4:96 drop
17Mar2001 3:41:40 udp 128.9.160.210:4922 a.b.c.4:97 drop
17Mar2001 3:41:44 udp 128.9.160.210:4922 a.b.c.4:98 drop
17Mar2001 3:41:48 udp 128.9.160.210:4922 a.b.c.4:99 drop
17Mar2001 3:41:52 udp 128.9.160.210:4922 a.b.c.4:100 drop
17Mar2001 3:41:56 udp 128.9.160.210:4922 a.b.c.4:101 drop
17Mar2001 3:42:00 udp 128.9.160.210:4922 a.b.c.4:102 drop
17Mar2001 3:42:04 udp 128.9.160.210:4922 a.b.c.4:103 drop
17Mar2001 3:42:08 udp 128.9.160.210:4922 a.b.c.4:104 drop
17Mar2001 3:42:12 udp 128.9.160.210:4922 a.b.c.4:105 drop
17Mar2001 3:42:16 udp 128.9.160.210:4922 a.b.c.4:106 drop
17Mar2001 3:42:20 udp 128.9.160.210:4922 a.b.c.4:107 drop
17Mar2001 3:42:24 udp 128.9.160.210:4922 a.b.c.4:108 drop
17Mar2001 3:42:28 udp 128.9.160.210:4922 a.b.c.4:109 drop
17Mar2001 3:42:32 udp 128.9.160.210:4922 a.b.c.4:110 drop
17Mar2001 3:42:36 udp 128.9.160.210:4922 a.b.c.4:111 drop
17Mar2001 11:06:33 udp 193.10.66.138:35868 a.b.c.4:103 drop
17Mar2001 11:06:37 udp 193.10.66.138:35868 a.b.c.4:104 drop
17Mar2001 11:06:41 udp 193.10.66.138:35868 a.b.c.4:105 drop
17Mar2001 11:06:45 udp 193.10.66.138:35868 a.b.c.4:106 drop
17Mar2001 11:06:49 udp 193.10.66.138:35868 a.b.c.4:107 drop
17Mar2001 11:06:53 udp 193.10.66.138:35868 a.b.c.4:108 drop
17Mar2001 11:06:57 udp 193.10.66.138:35868 a.b.c.4:109 drop
17Mar2001 11:07:01 udp 193.10.66.138:35868 a.b.c.4:110 drop
17Mar2001 11:07:05 udp 193.10.66.138:35868 a.b.c.4:111 drop

Gary Portnoy
Network Administrator
gportnoy () belenosinc com
PGP Fingerprint: 9D69 6A39 642D 78FD 207C 307D B37D E01A 2E89 9D2C
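
Added example, not part of the original post: one way to pull this pattern out of a firewall log automatically, by grouping UDP drops per (source, source port, destination) and reporting runs where the destination port steps by exactly +1. The names parse, find_incrementing_runs, SAMPLE_LOG and min_len are assumptions made for this sketch, and the sample lines are constructed in the log format quoted in the post.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the log format quoted in the post (source addresses are
# documentation ranges, not the sources reported there).
SAMPLE_LOG = """\
17Mar2001 3:41:36 udp 192.0.2.10:4922 a.b.c.4:108 drop
17Mar2001 3:41:40 udp 192.0.2.10:4922 a.b.c.4:109 drop
17Mar2001 3:41:44 udp 192.0.2.10:4922 a.b.c.4:110 drop
17Mar2001 3:41:48 udp 192.0.2.10:4922 a.b.c.4:111 drop
17Mar2001 4:02:10 udp 198.51.100.7:1025 a.b.c.4:53 drop
17Mar2001 4:02:11 udp 198.51.100.7:1026 a.b.c.4:137 drop
"""

LINE_RE = re.compile(
    r"^(\d{1,2}[A-Za-z]{3}\d{4}) (\d{1,2}:\d{2}:\d{2}) udp "
    r"(\S+):(\d+) (\S+):(\d+) (\w+)$"
)

def parse(log_text):
    """Yield (timestamp, src, sport, dst, dport); malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m[1] + " " + m[2], "%d%b%Y %H:%M:%S")
            yield ts, m[3], int(m[4]), m[5], int(m[6])

def find_incrementing_runs(log_text, min_len=4):
    """Return runs where one (src, sport, dst) flow steps dport by exactly +1."""
    flows = defaultdict(list)
    for ts, src, sport, dst, dport in parse(log_text):
        flows[(src, sport, dst)].append((ts, dport))
    runs = []
    for (src, sport, dst), pkts in flows.items():
        pkts.sort()
        start = 0
        for i in range(1, len(pkts) + 1):
            # Close the run at the end of the flow or where the +1 step breaks.
            if i == len(pkts) or pkts[i][1] != pkts[i - 1][1] + 1:
                if i - start >= min_len:
                    gaps = {int((pkts[j][0] - pkts[j - 1][0]).total_seconds())
                            for j in range(start + 1, i)}
                    runs.append({"src": src, "sport": sport, "dst": dst,
                                 "first_port": pkts[start][1],
                                 "last_port": pkts[i - 1][1],
                                 "count": i - start, "gaps_s": sorted(gaps)})
                start = i
    return runs
```

Each reported run carries the first and last destination port and the set of inter-packet gaps, so a fixed end port and a fixed interval across several sources stand out when the results are compared.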