Security Incidents mailing list archives
Re: DNS UDP Dos Attack?
From: Gary Maltzen <maltzen () MM COM>
Date: Sun, 4 Mar 2001 16:17:34 -0600
I've seen similar when the host is running Napster. What makes you think this is a DNS attempt?
I am receiving a ton of attempted UDP connections to an internal host. Connecting to this host is stopped at my firewall, but my firewall is paying a stiff price. I have seen the available memory on my firewall go down by 1-2 Mbg per minute while it tries to block all this traffic. Has anyone seen systems trying to reach a DNS host via UDP to port 42326? Here is a snippet of log files.

UDP out 209.10.34.23:8541 in 209.11.137.71:42326 idle 0:32:24 flags -
UDP out 209.10.34.39:29277 in 209.11.137.71:42326 idle 0:33:26 flags -
UDP out 207.235.38.3:28931 in 209.11.137.71:42326 idle 0:32:42 flags -
UDP out 209.10.34.39:33373 in 209.11.137.71:42326 idle 0:33:38 flags D-
UDP out 206.190.71.2:33812 in 209.11.137.71:42326 idle 0:33:49 flags D-
UDP out 193.141.40.42:1437 in 209.11.137.71:42326 idle 0:35:19 flags -
UDP out 63.91.4.4:12673 in 209.11.137.71:42326 idle 0:34:49 flags -
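One way to triage a snippet like the one quoted above, as an added example that is not part of either poster's message: parse the entries and summarize them per inside host and port. The field names, the regular expression, and the reading of "out"/"in" as outside/inside address are assumptions based only on the log lines shown.

```python
import re
from collections import defaultdict

# The seven entries from the post, copied verbatim.
SAMPLE = """\
UDP out 209.10.34.23:8541 in 209.11.137.71:42326 idle 0:32:24 flags -
UDP out 209.10.34.39:29277 in 209.11.137.71:42326 idle 0:33:26 flags -
UDP out 207.235.38.3:28931 in 209.11.137.71:42326 idle 0:32:42 flags -
UDP out 209.10.34.39:33373 in 209.11.137.71:42326 idle 0:33:38 flags D-
UDP out 206.190.71.2:33812 in 209.11.137.71:42326 idle 0:33:49 flags D-
UDP out 193.141.40.42:1437 in 209.11.137.71:42326 idle 0:35:19 flags -
UDP out 63.91.4.4:12673 in 209.11.137.71:42326 idle 0:34:49 flags -
"""

# Assumed layout: "UDP out <addr>:<port> in <addr>:<port> idle H:MM:SS flags <flags>"
ENTRY = re.compile(
    r"UDP out (?P<out>\d+\.\d+\.\d+\.\d+):(?P<out_port>\d+) "
    r"in (?P<inside>\d+\.\d+\.\d+\.\d+):(?P<in_port>\d+) "
    r"idle (?P<idle>\d+:\d\d:\d\d) flags (?P<flags>\S+)"
)

def parse(text):
    """Return one dict per entry; works whether entries are one per line or run together."""
    entries = []
    for m in ENTRY.finditer(text):
        e = m.groupdict()
        e["out_port"], e["in_port"] = int(e["out_port"]), int(e["in_port"])
        h, mi, s = (int(x) for x in e["idle"].split(":"))
        e["idle_s"] = h * 3600 + mi * 60 + s
        entries.append(e)
    return entries

def summarize(entries):
    """Group by (inside host, inside port) and report what is hitting it."""
    groups = defaultdict(list)
    for e in entries:
        groups[(e["inside"], e["in_port"])].append(e)
    report = {}
    for key, es in groups.items():
        report[key] = {
            "entries": len(es),
            "outside_hosts": len({e["out"] for e in es}),
            # DNS uses port 53; check both ends of every entry.
            "dns_port_seen": any(53 in (e["out_port"], e["in_port"]) for e in es),
            "min_idle_s": min(e["idle_s"] for e in es),
        }
    return report
```

On the quoted snippet this yields a single group: seven entries from six outside addresses to 209.11.137.71:42326, none with port 53 on either end.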
Current thread:
- DNS UDP Dos Attack? James Kelty (Mar 02)
- Re: DNS UDP Dos Attack? Wlodek (Mar 02)
- Re: DNS UDP Dos Attack? Aaron Schultz (Mar 03)
- FROM port 137 TO port 137 Bryan Bradsby (Mar 03)
- Re: DNS UDP Dos Attack? Gary Maltzen (Mar 04)
- Re: DNS UDP Dos Attack? Wlodek (Mar 02)