Snort mailing list archives
Re: udp/4156
From: Daniel Holden <dholden () idsb net>
Date: Tue, 24 Sep 2002 08:14:55 -0700
Sounds like the Slapper-B or C virus that just came out. Look for a process called .unlock. More info here: http://www.sophos.com/virusinfo/analyses/linuxslapperb.html

Colin Wu wrote:
Hi Snorters,

Has anyone seen, or know what traffic might be using udp/4156 as both source and destination? I had a look on the Internet Ports Database but found no reference to it. A host on my network seems to be receiving a lot of these from all over the planet. Not enough bandwidth usage to be noticeable but snort picked up "bad frag bits" on some of the packets.

--
Network Analyst
Computing & Information Services
McMaster University
(905)525-9140 ext 24050
http://netman.McMaster.CA

Only get into a life boat if you have to step UP to get into it.

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
--
Daniel L. Holden
dholden () idsb net
http://www.idsb.net
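
A triage check for the traffic pattern described in this thread, as an added example that is not part of the original posts: it scans tcpdump-style text lines for hosts receiving UDP with port 4156 as both source and destination from several distinct remote addresses. The function name, the `min_peers` threshold and the sample lines are assumptions made for illustration; the addresses are constructed from documentation ranges.

```python
import re
from collections import defaultdict

# tcpdump-style line: "<time> IP <src>.<sport> > <dst>.<dport>: UDP, length <n>"
LINE_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): UDP"
)


def hosts_with_symmetric_udp(lines, port=4156, min_peers=3):
    """Return {receiving_host: sorted remote peers} for hosts that receive
    UDP with source port == destination port == `port` from at least
    `min_peers` distinct sources (min_peers is an assumed threshold)."""
    peers = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not an IPv4 UDP line in the expected format
        if int(m["sport"]) == port and int(m["dport"]) == port:
            peers[m["dst"]].add(m["src"])  # set: repeat senders count once
    return {h: sorted(p) for h, p in peers.items() if len(p) >= min_peers}


# Constructed sample capture (not real traffic).
SAMPLE = """\
08:14:01.000101 IP 198.51.100.7.4156 > 192.0.2.10.4156: UDP, length 40
08:14:01.200455 IP 203.0.113.20.4156 > 192.0.2.10.4156: UDP, length 40
08:14:02.010001 IP 192.0.2.10.33012 > 192.0.2.53.53: UDP, length 31
08:14:02.500900 IP 203.0.113.99.4156 > 192.0.2.10.4156: UDP, length 52
08:14:03.000007 IP 198.51.100.7.4156 > 192.0.2.10.4156: UDP, length 40
08:14:03.700310 IP 198.51.100.7.4156 > 192.0.2.11.4156: UDP, length 40
08:14:04.100000 IP 203.0.113.20.4156 > 192.0.2.12.53: UDP, length 28
08:14:04.900120 IP 192.0.2.12.51000 > 203.0.113.20.80: Flags [S], length 0
""".splitlines()

if __name__ == "__main__":
    for host, remote in hosts_with_symmetric_udp(SAMPLE).items():
        print(f"{host}: udp/4156 <-> udp/4156 from {len(remote)} peers: "
              f"{', '.join(remote)}")
```

A host flagged this way is a candidate for the process check suggested in the reply above.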
Current thread:
- udp/4156 Colin Wu (Sep 24)
- Re: udp/4156 Peter Goodridge (Sep 24)
- Re: udp/4156 Daniel Holden (Sep 24)
- Re: udp/4156 Andreas Östling (Sep 24)