Security Incidents mailing list archives

Re: Strange UDP Activity


From: Stephen Friedl <steve () unixwiz net>
Date: Tue, 16 Apr 2002 10:45:24 -0700

I recently started seeing strange UDP traffic to my home DSL

All the traffic was returning from the root servers, and the
source port (10xx) is irrelevant. Not sure how to explain it,
but this is not "random" DNS traffic.

198.41.0.4              a.root-servers.net
128.9.0.107             b.root-servers.net
192.33.4.12             c.root-servers.net
128.8.10.90             d.root-servers.net
192.203.230.10          E.ROOT-SERVERS.NET
192.5.5.241             f.root-servers.net
192.112.36.4            G.ROOT-SERVERS.NET
128.63.2.53             h.root-servers.net
192.36.148.17           i.root-servers.net
198.41.0.10             j.root-servers.net
193.0.14.129            k.root-servers.net
198.32.64.12            l.root-servers.net
202.12.27.33            m.root-servers.net

Steve

--- 
Stephen J Friedl | Software Consultant | Tustin, CA |   +1 714 544-6561
www.unixwiz.net  | I speak for me only |   KA8CMY   | steve () unixwiz net
