Re: [nsp] UDP 1015

From: dhudson (dhudson@pilot.net)
Date: Tue Nov 14 2000 - 14:56:50 EST


Angelo Neacsu wrote:
>
> On Tue, 14 Nov 2000, dhudson wrote:
>
> > Angelo Neacsu wrote:
> > >
> > > I get this on my logs:
> > >
> > > list 143 denied udp 192.168.102.1(1015) (Ethernet1/0 0060.520b.5a77) ->
> > > 255.255.255.255(1015), 726 packets
> > >
> > > Why ?
> > > Is this an attack from a spoofed IP ?
> > no, this is a trojan attempting to use to bcast for a
> > listener.
>
> OK. But the IP 192.168.102.1 is not from my internal system ? How could I
> scan for this toian ?

of course its not...its from the 'source'...anyway...

if you got a router choking do this...

one direction --->
access-list ### deny ip any 255.255.255.255 0.0.0.0 log

the other direction <---
access-list ### deny ip 255.255.255.255 0.0.0.0 any log

!!!bam

---------------------------------------------------
my lord tzu, running away is the first martial tao
            archery sifu to sun tzu
---------------------------------------------------



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:21 EDT