Security Incidents mailing list archives

UDP Traceroutes?


From: "Portnoy, Gary" <gportnoy () BELENOSINC COM>
Date: Mon, 19 Mar 2001 10:42:31 -0500

Hello,

In the last few days I've noticed a few interesting anomalies which look
like they could be a particular breed of traceroute, but I didn't want to
just discount them as that.  Traceroute's default destination is port UDP
33434 increasing by one with every packet sent.  I've been seeing various
sources tracerouting to me with destination ports below 111 and always
terminating at 111.  They usually reach me with dest port somewhere in the
90's and always increase till 111 (UDP).  The sources are 128.9.160.210,
141.213.10.128, 192.88.114.82, 193.10.66.138.  See below:

17Mar2001  3:41:36 udp   128.9.160.210:4922     a.b.c.4:96      drop
17Mar2001  3:41:40 udp   128.9.160.210:4922     a.b.c.4:97      drop
17Mar2001  3:41:44 udp   128.9.160.210:4922     a.b.c.4:98      drop
17Mar2001  3:41:48 udp   128.9.160.210:4922     a.b.c.4:99      drop
17Mar2001  3:41:52 udp   128.9.160.210:4922     a.b.c.4:100     drop
17Mar2001  3:41:56 udp   128.9.160.210:4922     a.b.c.4:101     drop
17Mar2001  3:42:00 udp   128.9.160.210:4922     a.b.c.4:102     drop
17Mar2001  3:42:04 udp   128.9.160.210:4922     a.b.c.4:103     drop
17Mar2001  3:42:08 udp   128.9.160.210:4922     a.b.c.4:104     drop
17Mar2001  3:42:12 udp   128.9.160.210:4922     a.b.c.4:105     drop
17Mar2001  3:42:16 udp   128.9.160.210:4922     a.b.c.4:106     drop
17Mar2001  3:42:20 udp   128.9.160.210:4922     a.b.c.4:107     drop
17Mar2001  3:42:24 udp   128.9.160.210:4922     a.b.c.4:108     drop
17Mar2001  3:42:28 udp   128.9.160.210:4922     a.b.c.4:109     drop
17Mar2001  3:42:32 udp   128.9.160.210:4922     a.b.c.4:110     drop
17Mar2001  3:42:36 udp   128.9.160.210:4922     a.b.c.4:111     drop


17Mar2001 11:06:33 udp   193.10.66.138:35868    a.b.c.4:103     drop
17Mar2001 11:06:37 udp   193.10.66.138:35868    a.b.c.4:104     drop
17Mar2001 11:06:41 udp   193.10.66.138:35868    a.b.c.4:105     drop
17Mar2001 11:06:45 udp   193.10.66.138:35868    a.b.c.4:106     drop
17Mar2001 11:06:49 udp   193.10.66.138:35868    a.b.c.4:107     drop
17Mar2001 11:06:53 udp   193.10.66.138:35868    a.b.c.4:108     drop
17Mar2001 11:06:57 udp   193.10.66.138:35868    a.b.c.4:109     drop
17Mar2001 11:07:01 udp   193.10.66.138:35868    a.b.c.4:110     drop
17Mar2001 11:07:05 udp   193.10.66.138:35868    a.b.c.4:111     drop



Gary Portnoy
Network Administrator
gportnoy () belenosinc com

PGP Fingerprint: 9D69 6A39 642D 78FD 207C  307D B37D E01A 2E89 9D2C
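
Added example, not part of the original post: one way to pull this pattern out of a firewall log in the format quoted above, by grouping UDP packets per source address, source port and destination, and reporting runs where the destination port rises by exactly one per packet. The function name, the min_run threshold and the sample lines (documentation addresses) are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the log format quoted in the post:
# date, time, proto, src:sport, dst:dport, action.
SAMPLE_LOG = """\
17Mar2001 11:06:45 udp   192.0.2.10:35868       a.b.c.4:106     drop
17Mar2001 11:06:47 udp   198.51.100.7:1025      a.b.c.4:53      drop
17Mar2001 11:06:49 udp   192.0.2.10:35868       a.b.c.4:107     drop
17Mar2001 11:06:53 udp   192.0.2.10:35868       a.b.c.4:108     drop
17Mar2001 11:06:57 udp   192.0.2.10:35868       a.b.c.4:109     drop
17Mar2001 11:06:59 udp   198.51.100.7:1025      a.b.c.4:137     drop
17Mar2001 11:07:01 udp   192.0.2.10:35868       a.b.c.4:110     drop
17Mar2001 11:07:05 udp   192.0.2.10:35868       a.b.c.4:111     drop
"""

LINE_RE = re.compile(
    r"^\S+\s+\S+\s+(?P<proto>\w+)\s+(?P<src>\S+):(?P<sport>\d+)\s+"
    r"(?P<dst>\S+):(?P<dport>\d+)\s+(?P<action>\w+)\s*$"
)

def find_port_walks(log_text, min_run=5):
    """Return (src, sport, dst, first_dport, last_dport) for every run of
    at least min_run UDP packets in one flow whose dest port rises by 1."""
    flows = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m["proto"] == "udp":
            key = (m["src"], int(m["sport"]), m["dst"])
            flows[key].append(int(m["dport"]))
    walks = []
    for (src, sport, dst), ports in flows.items():
        start = 0
        for i in range(1, len(ports) + 1):
            # A run ends at the end of the flow or when the step is not +1.
            if i == len(ports) or ports[i] != ports[i - 1] + 1:
                if i - start >= min_run:
                    walks.append((src, sport, dst, ports[start], ports[i - 1]))
                start = i
    return walks

if __name__ == "__main__":
    for src, sport, dst, first, last in find_port_walks(SAMPLE_LOG):
        print(f"{src}:{sport} -> {dst} udp ports {first}..{last}")
```

The last port of each run is reported so that walks ending at the same port (111 in the logs above) from different sources can be compared.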

