[nsp-sec] UDP Destination Port 34447 ?
Tim Wilde
twilde at cymru.com
Wed Jul 13 09:30:07 EDT 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 7/13/2011 8:49 AM, Kurt Jaeger wrote:
> ----------- nsp-security Confidential --------
>
> Hi!
>
>> Does anyone know about malware that sends packets to udp port 34447
>> ?
>
> To be more exact:
>
> tos 0x0, ttl 127, id 161, offset 0, flags [none], proto UDP (17),
> length 34)
>
> [udp sum ok] UDP, length 6
>
> The UDP contents are six NUL-bytes.
Kurt,
At first glance those look like UDP traceroute packets, as UNIX
traceroute defaults to a starting port of 33434, that would be expected
at some point in the sequence.
Regards,
Tim
- --
Tim Wilde, Senior Software Engineer, Team Cymru, Inc.
twilde at cymru.com | +1-630-230-5433 | http://www.team-cymru.org/
-----BEGIN PGP SIGNATURE-----
iEYEARECAAYFAk4dnd8ACgkQluRbRini9thyuACfRrw+V5xl9wi54JiEw+GPyKjx
+OMAnjUaBlxGKU786lIwVrKA5+sMZKov
=TpXN
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list