Security Incidents mailing list archives

Re: UDP flood of one of my mashines

From: Vitaly Osipov <vosipov () wolfegroup ie>
Date: Tue, 19 Jun 2001 09:31:09 +0100

Hi,

Port 7 is echo and your "attacker" addresses are probably on amplifier
networks (i did not check though). Looks like ol' good Fraggle attack - 

http://www.sans.org/infosecFAQ/threats/dos_attacks.htm



Alexander Newald wrote:


Hello,

on the 15. of June on of my mashines got hit by a udp flood.

As I only log one entry per host per secound I only can tell that I had
1704 logentries and 457 diffrent source ip's in 5 minutes starting from
9:21 cest ending 9:34 cest. All was udp traffic with source port 7 and
dest ports 326,21645,32390,58619 with most hit 21645.

As the list of all the source mashines is a bit too long to post by mail I
put it on one of my webservers:

http://www.newald.de/udp_flood_15.6.2001.txt

The most important thing I like to know is: Wy these ports? Or does this
only be a try to dos the bandwidth?

Thanks,

Alexander Newald

Alexander Newald                                       alexander () newald de
Wunstorfer Strasse 72                                        www.newald.de
30453 Hannover
Germany

Current thread:

UDP flood of one of my mashines Alexander Newald (Jun 18)
- Re: UDP flood of one of my mashines Hugo van der Kooij (Jun 18)
- Re: UDP flood of one of my mashines Vitaly Osipov (Jun 19)