Security Incidents mailing list archives

UDP scan?


From: joey () SILICONDEFENSE COM (Joe McAlerney)
Date: Thu, 11 May 2000 14:18:39 -0700


A flurry of 61 UDP packets were sent to a single host in about one
second.  I know of nothing special about the destination port range,
other than it lies in the range of source ports for traceroutes.  I
can't think of a way to relate that to this traffic.

Any thoughts?

-Joe M

May 10 11:18:44 192.245.12.7:50701 -> xxx.xxx.xxx.xxx:33495 UDP
May 10 11:18:44 192.245.12.7:50701 -> xxx.xxx.xxx.xxx:33496 UDP
May 10 11:18:44 192.245.12.7:50701 -> xxx.xxx.xxx.xxx:33497 UDP
May 10 11:18:44 192.245.12.7:53 -> xxx.xxx.xxx.xxx:53 UDP
May 10 11:18:44 192.245.12.7:50701 -> xxx.xxx.xxx.xxx:33465 UDP
May 10 11:18:44 192.245.12.7:50701 -> xxx.xxx.xxx.xxx:33466 UDP
May 10 11:18:44 192.245.12.7:50701 -> xxx.xxx.xxx.xxx:33467 UDP
May 10 11:18:44 192.245.12.7:50701 -> xxx.xxx.xxx.xxx:33468 UDP
May 10 11:18:44 192.245.12.7:50701 -> xxx.xxx.xxx.xxx:33469 UDP
May 10 11:18:44 192.245.12.7:50701 -> xxx.xxx.xxx.xxx:33470 UDP
May 10 11:18:44 192.245.12.7:50701 -> xxx.xxx.xxx.xxx:33471 UDP
May 10 11:18:44 192.245.12.7:50701 -> xxx.xxx.xxx.xxx:33472 UDP
May 10 11:18:44 192.245.12.7:50701 -> xxx.xxx.xxx.xxx:33473 UDP
             .  .   .
May 10 11:18:45 192.245.12.7:50701 -> xxx.xxx.xxx.xxx:33522 UDP
May 10 11:18:45 192.245.12.7:50701 -> xxx.xxx.xxx.xxx:33523 UDP
May 10 11:18:45 192.245.12.7:50701 -> xxx.xxx.xxx.xxx:33524 UDP
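
Added example, not part of the original post: a short Python summary for log lines in the format above. It groups UDP packets by source, destination and source port and collapses the destination ports into contiguous runs, so a burst like this one can be sized at a glance. The function names, the `min_ports` threshold and the abridged sample are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the post's log lines, destination masked as posted.
SAMPLE = """\
May 10 11:18:44 192.245.12.7:50701 -> xxx.xxx.xxx.xxx:33495 UDP
May 10 11:18:44 192.245.12.7:50701 -> xxx.xxx.xxx.xxx:33496 UDP
May 10 11:18:44 192.245.12.7:50701 -> xxx.xxx.xxx.xxx:33497 UDP
May 10 11:18:44 192.245.12.7:53 -> xxx.xxx.xxx.xxx:53 UDP
May 10 11:18:44 192.245.12.7:50701 -> xxx.xxx.xxx.xxx:33465 UDP
May 10 11:18:44 192.245.12.7:50701 -> xxx.xxx.xxx.xxx:33466 UDP
May 10 11:18:44 192.245.12.7:50701 -> xxx.xxx.xxx.xxx:33467 UDP
May 10 11:18:45 192.245.12.7:50701 -> xxx.xxx.xxx.xxx:33522 UDP
May 10 11:18:45 192.245.12.7:50701 -> xxx.xxx.xxx.xxx:33523 UDP
May 10 11:18:45 192.245.12.7:50701 -> xxx.xxx.xxx.xxx:33524 UDP
"""

LINE = re.compile(r"^(\w{3}\s+\d+\s+[\d:]{8})\s+([^\s:]+):(\d+)\s+->\s+"
                  r"([^\s:]+):(\d+)\s+(\w+)\s*$")

def contiguous_runs(ports):
    """Collapse a set of ports into sorted (first, last) contiguous runs."""
    runs = []
    for p in sorted(ports):
        if runs and p == runs[-1][1] + 1:
            runs[-1] = (runs[-1][0], p)
        else:
            runs.append((p, p))
    return runs

def summarize_sweeps(text, min_ports=5):
    """Report (src, dst, source port) groups hitting >= min_ports distinct UDP ports."""
    groups = defaultdict(lambda: {"ports": set(), "packets": 0, "times": []})
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m or m.group(6) != "UDP":
            continue  # skips elision markers and non-UDP lines
        ts, src, sport, dst, dport, _ = m.groups()
        g = groups[(src, dst, int(sport))]
        g["ports"].add(int(dport))
        g["packets"] += 1
        g["times"].append(ts)
    return [{"src": src, "dst": dst, "sport": sport, "packets": g["packets"],
             "distinct_dports": len(g["ports"]), "runs": contiguous_runs(g["ports"]),
             "first": g["times"][0], "last": g["times"][-1]}
            for (src, dst, sport), g in groups.items() if len(g["ports"]) >= min_ports]

if __name__ == "__main__":
    print(*summarize_sweeps(SAMPLE), sep="\n")
```

On the sample, the single port-53 packet falls below the threshold and only the burst from source port 50701 is reported.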

