Security Incidents mailing list archives
UDP packets from Apache ? New DDOS ?
From: "Dave Foster" <dave () canadian net>
Date: Wed, 7 Jul 2004 13:51:02 -0400
Hi All,

Some months ago, we noticed a large amount of outbound traffic. Shutting down our Apache webserver stopped it. After a restart, it never reoccurred; I assumed some glitch that was corrected by the restart. We did NOT have the SSL bug.

This morning, a system admin in Austria informed me that his box was streaming UDP packets at us. This coincided with a major DDOS attack against us. Shutting down his Apache resolved the issue, and he is now temporarily blocking UDP from that host. He has provided a TCPdump to me, a portion of which follows. Can anyone shed some light on what might be the cause? Has it been seen before?

07:40:52.116687 IP 192.168.1.106.49043 > 209.123.78.248.50567: UDP, length: 1000
    0x0000: 4500 0404 0000 4000 4011 5463 c0a8 016a E.....@.@.Tc...j
    0x0010: d17b 4ef8 bf93 c587 03f0 2703 4242 4242 .{N.......'.BBBB
    0x0020: 4242 4242 4242 4242 4242 4242 4242 4242 BBBBBBBBBBBBBBBB
    0x0030: 4242 4242 4242 BBBBBB

Dave Foster
Systems Administrator, Canadian Net
1-800-427-8564 +1 416 245-1374 UK 0870 3400558 FAX +1 416 241-5274
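An added example, not part of the original message: decoding the hex lines of the tcpdump excerpt above to read the IPv4 and UDP header fields, verify the IP header checksum, and check whether the captured payload is one repeated byte. The function names are illustrative; the bytes are those shown in the excerpt.

```python
import re
import struct
from ipaddress import IPv4Address

# Hex lines of the tcpdump excerpt in the message above (offset, hex groups, ASCII column).
DUMP = """\
0x0000: 4500 0404 0000 4000 4011 5463 c0a8 016a E.....@.@.Tc...j
0x0010: d17b 4ef8 bf93 c587 03f0 2703 4242 4242 .{N.......'.BBBB
0x0020: 4242 4242 4242 4242 4242 4242 4242 4242 BBBBBBBBBBBBBBBB
0x0030: 4242 4242 4242 BBBBBB
"""

def dump_to_bytes(text):
    """Collect up to eight hex groups per line, stopping at the ASCII column."""
    out = bytearray()
    for line in text.splitlines():
        for tok in line.split()[1:9]:          # skip the 0xNNNN: offset
            if not re.fullmatch(r"(?:[0-9a-f]{2}){1,2}", tok):
                break                          # reached the ASCII column
            out += bytes.fromhex(tok)
    return bytes(out)

def ip_checksum_ok(header):
    """RFC 1071: the one's-complement sum over the header must fold to 0xffff."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def decode(pkt):
    """Decode an IPv4/UDP packet that may be truncated by the capture snaplen."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[0] >> 4 != 4 or pkt[9] != 17:
        raise ValueError("not an IPv4/UDP packet")
    sport, dport, udp_len, _ = struct.unpack("!4H", pkt[ihl:ihl + 8])
    payload = pkt[ihl + 8:]
    return {
        "src": str(IPv4Address(pkt[12:16])), "dst": str(IPv4Address(pkt[16:20])),
        "sport": sport, "dport": dport, "ttl": pkt[8],
        "ip_total_len": struct.unpack("!H", pkt[2:4])[0],
        "udp_payload_len": udp_len - 8,        # UDP length field includes its 8-byte header
        "captured_payload": len(payload),      # bytes actually present in the capture
        "header_checksum_ok": ip_checksum_ok(pkt[:ihl]),
        # A payload of one repeated byte looks like filler rather than application data.
        "filler_byte": payload[:1] if payload and len(set(payload)) == 1 else None,
    }

if __name__ == "__main__":
    for key, value in decode(dump_to_bytes(DUMP)).items():
        print(f"{key}: {value}")
```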
Current thread:
- UDP packets from Apache ? New DDOS ? Dave Foster (Jul 07)
- RE: UDP packets from Apache ? New DDOS ? Bojan Zdrnja (Jul 08)
- RE: UDP packets from Apache ? New DDOS ? Wouter Clarie (Jul 08)
- RE: UDP packets from Apache ? New DDOS ? Bojan Zdrnja (Jul 09)
- RE: UDP packets from Apache ? New DDOS ? Wouter Clarie (Jul 08)
- <Possible follow-ups>
- RE: UDP packets from Apache ? New DDOS ? Strand, John (Jul 08)
- RE: UDP packets from Apache ? New DDOS ? Matthew . Dalton (Jul 08)
- Re: UDP packets from Apache ? New DDOS ? Dave Paris (Jul 09)
- RE: UDP packets from Apache ? New DDOS ? Frank Knobbe (Jul 09)
- Re: UDP packets from Apache ? New DDOS ? Will Stockwell (Jul 09)
- RE: UDP packets from Apache ? New DDOS ? Bojan Zdrnja (Jul 08)