Security Incidents mailing list archives
UDP scan?
From: joey () SILICONDEFENSE COM (Joe McAlerney)
Date: Thu, 11 May 2000 14:18:39 -0700
A flurry of 61 UDP packets were sent to a single host in about one second. I know of nothing special about the destination port range, other than it lies in the range of source ports for traceroutes. I can't think of a way to relate that to this traffic. Any thoughts? -Joe M May 10 11:18:44 192.245.12.7:50701 -> xxx.xxx.xxx.xxx:33495 UDP May 10 11:18:44 192.245.12.7:50701 -> xxx.xxx.xxx.xxx:33496 UDP May 10 11:18:44 192.245.12.7:50701 -> xxx.xxx.xxx.xxx:33497 UDP May 10 11:18:44 192.245.12.7:53 -> xxx.xxx.xxx.xxx:53 UDP May 10 11:18:44 192.245.12.7:50701 -> xxx.xxx.xxx.xxx:33465 UDP May 10 11:18:44 192.245.12.7:50701 -> xxx.xxx.xxx.xxx:33466 UDP May 10 11:18:44 192.245.12.7:50701 -> xxx.xxx.xxx.xxx:33467 UDP May 10 11:18:44 192.245.12.7:50701 -> xxx.xxx.xxx.xxx:33468 UDP May 10 11:18:44 192.245.12.7:50701 -> xxx.xxx.xxx.xxx:33469 UDP May 10 11:18:44 192.245.12.7:50701 -> xxx.xxx.xxx.xxx:33470 UDP May 10 11:18:44 192.245.12.7:50701 -> xxx.xxx.xxx.xxx:33471 UDP May 10 11:18:44 192.245.12.7:50701 -> xxx.xxx.xxx.xxx:33472 UDP May 10 11:18:44 192.245.12.7:50701 -> xxx.xxx.xxx.xxx:33473 UDP . . . May 10 11:18:45 192.245.12.7:50701 -> xxx.xxx.xxx.xxx:33522 UDP May 10 11:18:45 192.245.12.7:50701 -> xxx.xxx.xxx.xxx:33523 UDP May 10 11:18:45 192.245.12.7:50701 -> xxx.xxx.xxx.xxx:33524 UDP
Current thread:
- UDP scan? Joe McAlerney (May 11)
- <Possible follow-ups>
- Re: UDP scan? Robert G. Ferrell (May 16)