Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Strange UDP Activity

From: Jose Nazario <jose () monkey org>
Date: Tue, 16 Apr 2002 13:43:01 -0400 (EDT)
On Tue, 16 Apr 2002, Steve Vawter wrote:


Where did you find SMTP?  SMTP lives on port 25/tcp.  Unless some
sites run it in strange places for "security" through obscurity
reasons.


he said 'snmp', which sits on 167/udp. he also saaw 1067/udp. a typo,
perhaps, given the recent spate of snmp problems.




-----Original Message-----
From: LAVELLE,MICHAEL (HP-PaloAlto,ex1) [mailto:mlavelle () hp com]
Sent: Tuesday, April 16, 2002 8:36 AM
To: incidents () securityfocus com
Subject: Strange UDP Activity



I recently started seeing strange UDP traffic to my home DSL, which is
included below. It has been active for the last 4 days at all hours.
None of these IPs are DNS servers that I use, and much of the activity
is when all of my computers are off. Google led me to port 1067 as
being an SNMP port, but I have SNMP disabled on all devices at home,
and the ACL blocks it anyway.


___________________________
jose nazario, ph.d.                     jose () monkey org
                                        http://www.monkey.org/~jose/


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: