Security Incidents mailing list archives
Re: UDP port 500 traffic from two clients
From: Hugo van der Kooij <hvdkooij () vanderkooij org>
Date: Mon, 28 Jan 2002 22:25:42 +0100 (CET)
On Mon, 28 Jan 2002, Gary Flynn wrote:
> Chris Wilkes wrote:
> > I recently moved and changed IP addresses within my ISP's block and two IP addresses from mediaone.net and home.com hit me a couple of times a minute with a UDP request to port 500.
>
> Code Red and Nimda infected machines will reportedly generate port 500 traffic.

Port 500 is NOT part of CodeRed. I doubt that Nimda uses them. I get hit enough by them but just on port 80.

To get a feel of what a normal XS4ALL ADSL server gets hit by have a look at: http://hvdkooij.xs4all.nl/fwlog/

Only SMTP and HTTP are normal traffic and not logged there.

Hugo.

--
All email sent to me is bound to the rules described on my homepage.
hvdkooij () vanderkooij org http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of sysadmins, for they are subtle and quick to anger.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com