Security Incidents mailing list archives

Re: Wierd UDP packets


From: Tapio Sokura <oh2kku () IKI FI>
Date: Wed, 14 Feb 2001 23:23:54 +0200

Feb 14 15:49:39 ns1 kernel: Packet log: input DENY eth0 PROTO=17
144.16.64.112:39398 a.b.c.d:33465 L=38 S=0x00 I=39429 F=0x0000
T=1 (#24)
(The values of I increase serially, T increases by 1 every third packet)

That looks like a traceroute to me. At least *nix traceroutes customarily
use UDP packets to high ports (over 30000) with TTL and port values rising
steadily (without special options traceroute sends three "pings" with each
TTL value). I wouldn't be worried about this.
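
The pattern described in the reply above (UDP to ports over 30000, destination port rising with every packet, TTL rising by one every third packet) can be checked mechanically. This is an added example, not part of the original message: the function names, thresholds and sample addresses are assumptions made for illustration, and it expects each ipchains log entry on a single unwrapped line.

```python
import re
from collections import defaultdict

# ipchains "Packet log" fields used: PROTO, src ip:port, dst ip:port, T= (TTL)
LOG_RE = re.compile(
    r"PROTO=(?P<proto>\d+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s.*?\bT=(?P<ttl>\d+)"
)

def parse(lines):
    """Yield (src, dst, dport, ttl) for each UDP (PROTO=17) log entry."""
    for line in lines:
        m = LOG_RE.search(line)
        if m and m["proto"] == "17":
            yield m["src"], m["dst"], int(m["dport"]), int(m["ttl"])

def looks_like_traceroute(probes, min_port=30000, per_hop=3, min_probes=4):
    """probes: [(dport, ttl), ...] in log order for one src/dst pair."""
    if len(probes) < min_probes or any(p < min_port for p, _ in probes):
        return False
    for (p0, t0), (p1, t1) in zip(probes, probes[1:]):
        if p1 <= p0 or t1 - t0 not in (0, 1):  # ports rise; TTL never falls or jumps
            return False
    ttls = [t for _, t in probes]
    # the TTL must actually advance, with at most per_hop probes per TTL value
    return ttls[-1] > ttls[0] and max(ttls.count(t) for t in set(ttls)) <= per_hop

def find_traceroutes(lines):
    flows = defaultdict(list)
    for src, dst, dport, ttl in parse(lines):
        flows[(src, dst)].append((dport, ttl))
    return sorted(k for k, v in flows.items() if looks_like_traceroute(v))

def sample_line(src, sport, dst, dport, ttl, ident):
    return (f"Feb 14 15:49:39 ns1 kernel: Packet log: input DENY eth0 PROTO=17 "
            f"{src}:{sport} {dst}:{dport} L=38 S=0x00 I={ident} F=0x0000 T={ttl} (#24)")

# Constructed sample: six traceroute-like probes, then five fixed-port UDP packets
SAMPLE = [sample_line("198.51.100.7", 39398, "192.0.2.10", 33465 + i, 1 + i // 3, 39429 + i)
          for i in range(6)]
SAMPLE += [sample_line("203.0.113.9", 1025, "192.0.2.10", 31337, 52, 100 + i) for i in range(5)]

if __name__ == "__main__":
    print(find_traceroutes(SAMPLE))
```

Only the first constructed flow is reported; the fixed-port packets fail the rising-port rule even though they also target a port over 30000.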

