On Dec 14, 2007 12:05 PM, Bob Holowenko <holowenko@gmail.com> wrote:
Personally I do not think we have to worry about traffic from doubleclick.
They were bought out by Google last spring I believe. As for traffic on port
1234 I have not seen any increase in it. I will however be setting up some
packet sniffing on my network edge to see if I can get more information
about what is being carried in those packet.
Anyone have any wireshark caps already?
OK, I figured this one out with a little help from wireshark and the
machines receiving the traffic. Apparently 1234/UDP is used for a
proprietary Video Streaming application.
I think what I will take away from this is that while the last time I
was watching this much traffic, viruses were noisy and big. Today, the
ones to worry about are DDoS (80,53, 433, 8080, etc) and quiet C&C
channels. I guess the days of massive floods related to
malware/viruses/worms are long gone.
Once again, sorry for the noise. I will try and do some more legwork
before hitting up the list :-)
-JP
-------------------------------------------------------------------------
This list sponsored by: SPI Dynamics
ALERT: .How a Hacker Launches a SQL Injection Attack!.- White Paper
It's as simple as placing additional SQL commands into a Web Form input box
giving hackers complete access to all your backend systems! Firewalls and IDS
will not stop such attacks because SQL Injections are NOT seen as intruders.
Download this *FREE* white paper from SPI Dynamics for a complete guide to
protection!
https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70160000000Cn8E
--------------------------------------------------------------------------
