Security Incidents mailing list archives

Re: Increased activity on UDP/1434

From: Dave Aitel <dave () immunitysec com>
Date: Sat, 25 Jan 2003 09:18:38 -0500

Here's my comments on the asm, for those of you who don't read fluent
x86. :>

http://www.immunitysec.com/disassembly.txt
-dave


On Fri, 24 Jan 2003 23:05:03 -0800
"Dmitri Smirnov" <Dmitri.Smirnov () fusepoint com> wrote:


Having a big number of connections on UDP/1434 from a random IPs in
Internet on
a different networks. One hour ago (22:00 PST) one server in colo
space started to initiate
a hundreds of connection per second to diff. hosts on Internet to port
UDP/1434 (isolated).
New worms? DDoS? Is anyone experience the same?


Dmitri Smirnov, SSCP
Security Team
Fusepoint Managed Services Inc.
Suite 2323, Three Bentall Centre 
595 Burrard Street 
P.O. Box 49336 
Vancouver B.C. V7X 1L4
Phone: (604) 687-7757
Fax: (604) 687-7761
Email: Dmitri.Smirnov () fusepoint com


---------------------------------------------------------------------
------- This list is provided by the SecurityFocus ARIS analyzer
service. For more information on this free incident handling,
management and tracking system please see:
http://aris.securityfocus.com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Increased activity on UDP/1434 Dmitri Smirnov (Jan 25)
- Re: Increased activity on UDP/1434 Sam Evans (Jan 26)
- Re: Increased activity on UDP/1434 Dejan (Jan 26)
- Re: Increased activity on UDP/1434 Dave Aitel (Jan 26)
- <Possible follow-ups>
- Re: Increased activity on UDP/1434 slswick (Jan 26)