Security Incidents mailing list archives

Re: UDP port 41170

From: "Stephen." <sa7ori () blackroses com>
Date: Tue, 4 Mar 2003 11:01:38 -0500 (EST)

Have you tried sniffing the traffic and looking at the data inside? have
you connected to these ports on your hosts? have you connected to the
machines and seen what processes have those sockets (if *nix fuser/lsof).
If it is in your power to do these things, this is how you can investigate
yourself before posting to these lists.

On Tue, 4 Mar 2003, Patrick Webster wrote:

Hi All,

I'm seeing lots of UDP packets on port 41170 from hundreds of source
addresses - in fact i seem to be getting them every 3 seconds or so.

Also, for every, say, 10 port 41170 packets detected, I'm seeing TCP
packets, destination port 35175, 35429 and 38592.

Any ideas?

-Patrick


----------------------------------------------------------------------------

<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure";> http://www.securityfocus.com/stillsecure </A>

Current thread:

UDP port 41170 Patrick Webster (Mar 04)
- Re: UDP port 41170 Stephen. (Mar 04)