Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Lots of incoming traffic on UDP 1026 and UDP 1027?

from [JGrimshaw] Network Security [Permanent Link]
Subject: Re: Lots of incoming traffic on UDP 1026 and UDP 1027?
Date: Tue, 28 Dec 2004 11:53:31 -0600 
I initially thought that, too, that it was a DDOS, but the csv log had 
significant gaps of time between instances--a DDOS would have lots coming 
in at the same time, not a few every 10 or 20 minutes. 

Certainly there were a number of illicit connection attempts, but the log 
is for two days and there was only 190 or so connection attempts--I don't 
think it is a DDOS.







Scott Bauer <scottybauer@gmail.com> 
12/28/2004 11:37 AM
Please respond to
Scott Bauer <scottybauer@gmail.com>


To
webmaster@focushacks.com
cc
security-basics@securityfocus.com
Subject
Re: Lots of incoming traffic on UDP 1026 and UDP 1027?






Sounds Like a Denial of service attack. Contact your ISP and tell them
that you think you are getting A DDOS attack... Tell them to close
those ports for a day or so.. then you problem should be solved.


On Mon, 27 Dec 2004 12:34:41 -0600, FocusHacks <focushacks@gmail.com> 
wrote:

I searched the archives at SecurityFocus and couldn't come up with
anything useful other than someone with Zone Alarm obviously saw the
same activity and people were trying to tell him to look for listening
ports on his machine, which is not the case.

I'm getting literally hammered by tons of various IP's on UDP 1026 and 

UDP 1027


I've attached a CSV log, modified a bit, from my NetScreen 5.  I only
showed the last 15 bytes of the Source IP:Port so the first octet,
give or take a few bytes, is cut off.  I left a few columns out as
well.

Let me know, this has been going on for quite a while, and all my
searches are ending in vain.  Any ideas?

--
http://www.FocusHacks.com - The Ford Focus Modification Site!






-- 
IF SOMETHING DOSENT WORK DENY YOU EVER TRIED
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: bridge detection, David Gillett
Next by Date:  Re: Lots of incoming traffic on UDP 1026 and UDP 1027?, JGrimshaw
Previous by Thread:  Re: Lots of incoming traffic on UDP 1026 and UDP 1027?, Scott Bauer
Next by Thread:  Re: Lots of incoming traffic on UDP 1026 and UDP 1027?, Sebastian
Indexes:  [Date] [Thread] [Top] [All Lists]