Re: [nsp] UDP 1015

• Next message: Scott.Keoseyan@BroadWing.com: "RE: [nsp] 7505 and new VIP2-50 issue"
• Previous message: dhudson: "Re: [nsp] UDP 1015"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

Angelo Neacsu wrote:
>
> On Tue, 14 Nov 2000, dhudson wrote:
>
> > Angelo Neacsu wrote:
> > >
> > > I get this on my logs:
> > >
> > > list 143 denied udp 192.168.102.1(1015) (Ethernet1/0 0060.520b.5a77) ->
> > > 255.255.255.255(1015), 726 packets
> > >
> > > Why ?
> > > Is this an attack from a spoofed IP ?
> > no, this is a trojan attempting to use to bcast for a
> > listener.
>
> OK. But the IP 192.168.102.1 is not from my internal system ? How could I
> scan for this toian ?

of course its not...its from the 'source'...anyway...

if you got a router choking do this...

one direction --->
access-list ### deny ip any 255.255.255.255 0.0.0.0 log

the other direction <---
access-list ### deny ip 255.255.255.255 0.0.0.0 any log

!!!bam

---------------------------------------------------
my lord tzu, running away is the first martial tao
            archery sifu to sun tzu
---------------------------------------------------

• Next message: Scott.Keoseyan@BroadWing.com: "RE: [nsp] 7505 and new VIP2-50 issue"
• Previous message: dhudson: "Re: [nsp] UDP 1015"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:21 EDT