Security Incidents mailing list archives
Re: UDP port 41170
From: "Stephen." <sa7ori () blackroses com>
Date: Tue, 4 Mar 2003 11:01:38 -0500 (EST)
Have you tried sniffing the traffic and looking at the data inside? have you connected to these ports on your hosts? have you connected to the machines and seen what processes have those sockets (if *nix fuser/lsof). If it is in your power to do these things, this is how you can investigate yourself before posting to these lists. On Tue, 4 Mar 2003, Patrick Webster wrote:
Hi All, I'm seeing lots of UDP packets on port 41170 from hundreds of source addresses - in fact i seem to be getting them every 3 seconds or so. Also, for every, say, 10 port 41170 packets detected, I'm seeing TCP packets, destination port 35175, 35429 and 38592. Any ideas? -Patrick
---------------------------------------------------------------------------- <Pre>Lose another weekend managing your IDS? Take back your personal time. 15-day free trial of StillSecure Border Guard.</Pre> <A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
Current thread:
- UDP port 41170 Patrick Webster (Mar 04)
- Re: UDP port 41170 Stephen. (Mar 04)