Educause Security Discussion mailing list archives
Re: Traffic to UDP Port 80
From: John Kristoff <jtk () DEPAUL EDU>
Date: Fri, 26 Oct 2007 08:31:41 -0500
On Fri, 26 Oct 2007 08:41:23 -0400 "Babb, Robert" <babbr () UNION EDU> wrote:
I've seen a couple of instances where a MAC is sending huge amounts of traffic to a computer in the Netherlands. Source port always UDP 57xxx and the dest. port is always UDP port 80. Has anybody else ever seen this? Anybody know what could cause it?
A Macintosh or a MAC address? Not that it matters much, but yes this sort of thing is not uncommon. Are these hosts typically Unix-based, running SSH? It's also not uncommon for an account to have been brute forced whereupon a simple Perl-based UDP flooder is run from the account.

John
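The triage suggested in this exchange, as an added Python example that is not part of either message: it sums outbound UDP/80 bytes per internal host from flow records, then checks that host's sshd log for a password login preceded by many failures from the same address. The flow record layout, the addresses, the `10.0.0.0/8` campus range and the thresholds are all constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample data (not from the thread): flow records as
# "src sport dst dport proto bytes", and sshd auth lines from host 10.1.2.3.
FLOWS = """\
10.1.2.3 57012 198.51.100.7 80 udp 48000000
10.1.2.3 57344 198.51.100.7 80 udp 52000000
10.1.2.9 51515 198.51.100.7 80 tcp 90000
10.1.2.4 40000 192.0.2.53 53 udp 1200
""".splitlines()
AUTH = {"10.1.2.3": ["Failed password for web from 203.0.113.5 port 4100 ssh2"] * 40
        + ["Accepted password for web from 203.0.113.5 port 4190 ssh2"]}

SSH_RE = re.compile(r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port")

def udp80_talkers(flows, campus="10.0.0.0/8", min_bytes=10_000_000):
    """Sum outbound UDP/80 bytes per (internal src, external dst) pair."""
    net, totals = ip_network(campus), Counter()
    for line in flows:
        src, _sport, dst, dport, proto, nbytes = line.split()
        if proto == "udp" and dport == "80" and ip_address(src) in net \
                and ip_address(dst) not in net:
            totals[(src, dst)] += int(nbytes)
    return {pair: b for pair, b in totals.items() if b >= min_bytes}

def brute_forced_logins(lines, min_failures=20):
    """Accounts that logged in from an address with many prior failures."""
    fails, hits = defaultdict(int), []
    for line in lines:
        m = SSH_RE.search(line)
        if not m:
            continue
        outcome, user, remote = m.groups()
        if outcome == "Failed":
            fails[remote] += 1
        elif fails[remote] >= min_failures:
            hits.append((user, remote, fails[remote]))
    return hits

def triage(flows, auth):
    """Pair each heavy UDP/80 sender with suspicious SSH logins on that host."""
    return [(src, dst, total, brute_forced_logins(auth.get(src, [])))
            for (src, dst), total in udp80_talkers(flows).items()]

if __name__ == "__main__":
    for row in triage(FLOWS, AUTH):
        print(row)
```

A host that shows up in the first list with an empty login list still needs a look at its process table and crontabs; the sshd log only covers one way in.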