RE: Increase probe on UDP port 1026

["Rodrigues, Philip" <phil.rodrigues () uconn edu>]

I'm sitting in front of two Class B's.  We saw a steady increase in the unique external IPs scanning us for UDP 1026, 
1030 today since 0700 EST.  This chart shows the number of unique external IPs with incoming UDP 1026 traffic per hour 
since noon.  First column is hour in EST:
 
00  209
01   93  
02   92   
03  112   
04   33    
05   34   
06   92    
07  211   
08  282   
09  409   
10  494   
11  598   
12  709
13  871    
14 1039    
15 1263    
16 1392    
17 1559    
18 1722   
19 1905
 
UDP 1030 also appears to be increasing at the same rate.  I took samples at 12:00, 14:00, 16:00, and 18:00 and got 
results of 833, 1205, 1448, and 1784.
 
We had two hosts pop up today and start scanning for this - I will try to get my hands on them tomorrow.
 
Phil
 
=======================================
Philip A. Rodrigues
Network Analyst, UITS
University of Connecticut

email: phil.rodrigues () uconn edu
phone: 860.486.3743
fax: 860.486.6580
web: http://www.security.uconn.edu <http://www.security.uconn.edu> 
=======================================


        -----Original Message----- 
        From: full-disclosure-admin () lists netsys com on behalf of Irwan Hadi 
        Sent: Mon 12/1/2003 6:40 PM 
        To: full-disclosure () lists netsys com 
        Cc: 
        Subject: [Full-disclosure] Increase probe on UDP port 1026
        
        
         

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html