Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: udp/4156

From: Peter Goodridge <petegdr () yahoo com>
Date: Tue, 24 Sep 2002 07:45:59 -0700 (PDT)
Colin,

UDP ports 1978, 2002, and 4156 are all used by the new
Apache/mod_ssl worm.  See www.cert.org.  If your
getting traffic from all over the planet your box is
probably compromised, and is being used against other
sites.

HTH,
Pete Goodridge

--- Colin Wu <wucolin () mcmaster ca> wrote:

Hi Snorters,

Has anyone seen, or know what traffic might be using
udp/4156 as both 
source and destination? I had a look on the Internet
Ports Database but 
found no reference to it. A host on my network seems
to be receiving a 
lot of these from all over the planet. Not enough
bandwidth usage to be 
noticable but snort picked up "bad frag bits" on
some of the packets.

-- 
   __     _             _            Network Analyst
  /  )   //            ' )   /       Computing &
Information Services
 /    __|/  o ____      / / / . .    McMaster
University
(__/ (_) \_<_/ / <_    (_(_/ (_/_    (905)525-9140
ext 24050
                                    
http://netman.McMaster.CA
Only get into a life boat if you have to step UP to
get into it.






-------------------------------------------------------

This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or
unsubscribe:


https://lists.sourceforge.net/lists/listinfo/snort-users

Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


__________________________________________________
Do you Yahoo!?
New DSL Internet Access from SBC & Yahoo!
http://sbc.yahoo.com


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: