[nsp-sec] Odd "attack" traffic
Johannes B. Ullrich
jullrich at euclidian.com
Tue Dec 28 19:01:14 EST 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
I am seeing almost no traffic on that port. Any more details? (full packet captures, source port?)
Johannes Ullrich
jullrich at euclidian.com
(757) 726 7528
On Dec 28, 2010, at 6:52 PM, Kevin Oberman wrote:
> ----------- nsp-security Confidential --------
>
> For some time I have been seeing continual packets destined
> for an unused port, 17368/udp. I've looked around for some idea of what
> the reason might be for this, but all I can find is a passing reference
> to apache v2.
>
> I see dozens of packets to this port almost every night, usually all
> from one or two remote addresses, though yesterday had six systems
> poking at it again and again.
>
> Any clues on what this is all about?
> --
> R. Kevin Oberman, Network Engineer
> Energy Sciences Network (ESnet)
> Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
> E-mail: oberman at es.net Phone: +1 510 486-8634
> Key fingerprint: 059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
iEYEAREDAAYFAk0aekoACgkQPNuXYcm/v/358QCdHbtjdwH1neZnimF4sTIlvnHC
MP8AnRbotoTcE3hr07ywCXTE8ddcqAGM
=WQ3C
-----END PGP SIGNATURE-----