Security Incidents mailing list archives

Re: 2002/udp flood


From: "Mike Nowlin" <mike () mail1 viewsnet com>
Date: Wed, 28 Aug 2002 02:03:04 -0400

Richard L. Anderson writes:
I have a FreeBSD web server that is receiving large amounts of UDP
traffic to port 2002.  Here is an example of the traffic I'm seeing
(Source and Destination IP addresses scrubbed):

Welcome to the club... :)

We have been experiencing the same thing for a little over a week, on and off. Sometimes, there's enough incoming UDP traffic to slow access to a crawl, other times it's just a mild irritant (knowing that it's there), and other times, it's completely gone.

We were attacked via the Apache bug a few weeks ago with the UDP port 2001 floods along with it - fixed the server, removed the backdoor, and all was well for about two weeks. Then, this started all over again on port 2002. (This time, however, I don't see any evidence of an intrusion - just the UDP flooding.)

I'm not sure what this all adds up to - a lack of any similar reports made me think that we were under an "aimed specifically at you" DDoS attack, but now I'm wondering...

--Mike

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

