Snort mailing list archives
Re: udp/4156
From: Peter Goodridge <petegdr () yahoo com>
Date: Tue, 24 Sep 2002 07:45:59 -0700 (PDT)
Colin, UDP ports 1978, 2002, and 4156 are all used by the new Apache/mod_ssl worm. See www.cert.org. If your getting traffic from all over the planet your box is probably compromised, and is being used against other sites. HTH, Pete Goodridge --- Colin Wu <wucolin () mcmaster ca> wrote:
Hi Snorters, Has anyone seen, or know what traffic might be using udp/4156 as both source and destination? I had a look on the Internet Ports Database but found no reference to it. A host on my network seems to be receiving a lot of these from all over the planet. Not enough bandwidth usage to be noticable but snort picked up "bad frag bits" on some of the packets. -- __ _ _ Network Analyst / ) // ' ) / Computing & Information Services / __|/ o ____ / / / . . McMaster University (__/ (_) \_<_/ / <_ (_(_/ (_/_ (905)525-9140 ext 24050 http://netman.McMaster.CA Only get into a life boat if you have to step UP to get into it.
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
__________________________________________________ Do you Yahoo!? New DSL Internet Access from SBC & Yahoo! http://sbc.yahoo.com ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- udp/4156 Colin Wu (Sep 24)
- Re: udp/4156 Peter Goodridge (Sep 24)
- Re: udp/4156 Daniel Holden (Sep 24)
- Re: udp/4156 Andreas Östling (Sep 24)