Educause Security Discussion mailing list archives
UDP Port scans
From: Joseph Karam <jkaram () HAMILTON EDU>
Date: Fri, 2 Feb 2007 09:11:46 -0500
Folks, We are seeing an increasing number of UDP port scans which started late last semester and has now gone three weeks into the new semester. We are basically seeing student computers scanning 100s to 1000s of off-campus addresses on a single UDP source port (one computer might use UDP port 19038, the next one might use 19802, all random) and the targets they are hitting are all on different ports. Right now I've got about 40-50 student computers in this condition. Here is a sample of the output I see from one student computer: Dest. IP Addr. Start date End date Protocol Src Port Dst Port 24.116.40.145 February 1, 2007 7:03:12 PM February 1, 2007 7:07:34 PM UDP 19802 35788 74.114.158.75 February 1, 2007 7:03:12 PM February 1, 2007 7:07:33 PM UDP 19802 31394 70.115.61.169 February 1, 2007 7:03:12 PM February 1, 2007 7:07:34 PM UDP 19802 23578 24.144.43.245 February 1, 2007 7:03:12 PM February 1, 2007 7:07:37 PM UDP 19802 39572 75.19.109.227 February 1, 2007 7:03:12 PM February 1, 2007 7:07:39 PM UDP 19802 37026 ... Right now none of the students are coming forward for help, so I'm not sure if this is just from music file sharing or if they have an actual virus/spyware/worm, etc. Has anyone else seen similar activity? Thanks- Joe -- Joe Karam Director, Network and Telecommunications Services Information Technology Services, Hamilton College jkaram () hamilton edu 315-859-4167 http://www.hamilton.edu/college/its/network_services
Current thread:
- UDP Port scans Joseph Karam (Feb 02)
- <Possible follow-ups>
- Re: UDP Port scans Russell Fulton (Feb 02)
- Re: UDP Port scans Chris Edwards (Feb 02)
- Re: UDP Port scans Russell Fulton (Feb 02)