Security Incidents mailing list archives
Re: Strange Port 0 Traffic
From: Francesca C Smith <fsmith () ladylinux com>
Date: Fri, 14 Nov 2003 12:44:27 -0500
Hello, Yes I have been seeing a lot of this along with a Sharp uptick in sub-seven 27374 traffic .. Mostly from Korea .. Lady Linux At 05:41 PM 11/13/2003, Josh.Berry () compucom com wrote:
I am seeing a lot of traffic lately coming from different external sources using UDP originating from a source port of 10000 and coming to my various firewall addresses with a destination port of 0. I ran tcpdump traces for this traffic both internally and externally for about 2 weeks. The traces showed no internal servers/desktops/devices making these connections, only external machines sending these packets to the firewalls. The data in the packet is gibberish; looks like it might be encrypted. Is anyone else seeing this kind of traffic? Attached is a sanitized trace of some of these packets. Josh Berry Information Security Group 972-856-5402 --------------------------------------------------------------------------- Network with over 10,000 of the brightest minds in information security at the largest, most highly-anticipated industry event of the year. Don't miss RSA Conference 2004! Choose from over 200 class sessions and see demos from more than 250 industry vendors. If your job touches security, you need to be here. Learn more or register at http://www.securityfocus.com/sponsor/RSA_incidents_031023 and use priority code SF4. ----------------------------------------------------------------------------
"No Problems Only Solutions" Francesca C. Smith Lady Linux Internet Services fsmith () ladylinux com --------------------------------------------------------------------------- Network with over 10,000 of the brightest minds in information security at the largest, most highly-anticipated industry event of the year. Don't miss RSA Conference 2004! Choose from over 200 class sessions and see demos from more than 250 industry vendors. If your job touches security, you need to be here. Learn more or register at http://www.securityfocus.com/sponsor/RSA_incidents_031023 and use priority code SF4. ----------------------------------------------------------------------------
Current thread:
- Strange Port 0 Traffic Josh.Berry (Nov 14)
- Message not available
- Re: Strange Port 0 Traffic Francesca C Smith (Nov 14)
- Message not available
- <Possible follow-ups>
- RE: Strange Port 0 Traffic Andre Ludwig (Nov 17)
- RE: Strange Port 0 Traffic Jesus Salvador (Nov 17)