Security Incidents mailing list archives

Re: Port 1234 UDP traffic increase?


From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Fri, 14 Dec 2007 13:43:22 -0500

On Dec 14, 2007 12:05 PM, Bob Holowenko <holowenko () gmail com> wrote:
Personally I do not think we have to worry about traffic from doubleclick.
They were bought out by Google last spring I believe. As for traffic on port
1234 I have not seen any increase in it. I will however be setting up some
packet sniffing on my network edge to see if I can get more information
about what is being carried in those packets.

Anyone have any wireshark caps already?


OK, I figured this one out with a little help from wireshark and the
machines receiving the traffic. Apparently 1234/UDP is used for a
proprietary Video Streaming application.

I think what I will take away from this is that while the last time I
was watching this much traffic, viruses were noisy and big. Today, the
ones to worry about are DDoS (80, 53, 433, 8080, etc.) and quiet C&C
channels. I guess the days of massive floods related to
malware/viruses/worms are long gone.

Once again, sorry for the noise. I will try and do some more legwork
before hitting up the list :-)

-JP
