Security Incidents mailing list archives
Re: UDP flood on port 2001
From: Michael Katz <mike () procinct com>
Date: Tue, 10 Sep 2002 09:36:54 -0700
At 9/9/2002 08:05 PM, Arnold Yancha wrote:
> Anyone seen this kind of UDP traffic? A client has been complaining that their bandwidth has been eaten significantly by this type of traffic. I haven't seen any solid reference to it in Google. Maybe somebody on this list can shed some light on this. Thanks.
> -arnold
>
> 1 0.000000 63.217.26.35 -> xxx.xxx.xxx.235 UDP Source port: 2001 Destination port: 2001
This behavior has been previously reported in systems compromised by an Apache worm and reported on this list.
Check the message thread beginning at http://lists.insecure.org/incidents/2002/Jul/0019.html for more information.
One of many news reports about the worm is available at http://www.internetnews.com/dev-news/article.php/1379361
Michael Katz
mike () procinct com
Procinct Security

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com