Security Incidents mailing list archives
Re: What's on udp/2002 ?
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 19 Sep 2002 07:36:27 +1200
Guido Van De Velde <Guido.VanDeVelde () cc kuleuven ac be> wrote:
At least something very interesting, according to our fw logs. Anyone any idea ?
Where have you been for the last week?? The Slapper (aka Modap) worm spreads via an exploitable SSL overflow and sets up a DDoS agent which communicates with the rest of its network on UDP port 2002. -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- What's on udp/2002 ? Guido Van De Velde (Sep 18)
- Re: What's on udp/2002 ? rewt (Sep 18)
- Re: What's on udp/2002 ? Nick FitzGerald (Sep 18)
- Re: What's on udp/2002 ? Jay D. Dyson (Sep 18)
- Re: What's on udp/2002 ? Kurt Seifried (Sep 18)
- Re: What's on udp/2002 ? Russell Harding (Sep 18)
- Re: What's on udp/2002 ? Nick FitzGerald (Sep 18)
- Re: What's on udp/2002 ? Johannes Ullrich (Sep 18)
- Re: What's on udp/2002 ? Jose Nazario (Sep 18)
- Re: What's on udp/2002 ? Guido Van De Velde (Sep 18)
- <Possible follow-ups>
- RE: What's on udp/2002 ? Matthew F. Caldwell (Sep 18)
- Re: What's on udp/2002 ? rewt (Sep 18)