Educause Security Discussion mailing list archives

Re: Traffic to UDP Port 80


From: Curt Wilson <curtw () SIU EDU>
Date: Fri, 26 Oct 2007 10:23:58 -0500

Babb, Robert wrote:
Hi,

I've seen a couple of instances where a MAC is sending huge amounts of traffic to a computer in the Netherlands.
Source port always UDP 57xxx and the dest. port is always UDP port 80.  Has anybody else ever seen this?  Anybody
know what could cause it?


We saw a UDP port 80 flood outbound from a compromised host some time
back. It was an OSX box that was compromised and some flooding tools
installed. Not sure why they chose UDP 80.



--
Curt Wilson
IT Network Security Officer
Southern Illinois University Carbondale
618-453-6237

GnuPG key: http://www.infotech.siu.edu/security/curtw.pub.asc
