Security Incidents mailing list archives

UDP packets from Apache ? New DDOS ?


From: "Dave Foster" <dave () canadian net>
Date: Wed, 7 Jul 2004 13:51:02 -0400

Hi All,

Some months ago, we noticed a large amount of outbound traffic. Shutting
down our Apache webserver stopped it. After a restart, it never reoccurred;
I assumed some glitch that was corrected by the restart. We did NOT have the
SSL bug.
This morning, a system admin in Austria informed me that his box was
streaming UDP packets at us. This coincided with a major DDOS attack against
us. Shutting down his Apache resolved the issue, and he is now temporarily
blocking UDP from that host. He has provided a TCPdump to me, a portion of
which follows. Can anyone shed some light on what might be the cause? Has
it been seen before?

07:40:52.116687 IP 192.168.1.106.49043 > 209.123.78.248.50567: UDP, length: 1000
0x0000: 4500 0404 0000 4000 4011 5463 c0a8 016a E.....@.@.Tc...j
0x0010: d17b 4ef8 bf93 c587 03f0 2703 4242 4242 .{N.......'.BBBB
0x0020: 4242 4242 4242 4242 4242 4242 4242 4242 BBBBBBBBBBBBBBBB
0x0030: 4242 4242 4242 BBBBBB

Dave Foster
Systems Administrator, Canadian Net
1-800-427-8564
+1 416 245-1374
 UK 0870 3400558
 FAX +1 416 241-5274
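
Decoding the tcpdump excerpt above, as an added example that is not part of the original post: the hex words are parsed as an IPv4/UDP packet, the header checksum is verified, and the captured payload is checked for a single repeated byte. The function names and the `constant_filler` key are assumptions made for this illustration.

```python
import socket
import struct

# Hex words copied from the tcpdump excerpt in the post (capture truncated to 54 bytes).
DUMP_HEX = """
4500 0404 0000 4000 4011 5463 c0a8 016a
d17b 4ef8 bf93 c587 03f0 2703 4242 4242
4242 4242 4242 4242 4242 4242 4242 4242
4242 4242 4242
"""
PKT = bytes.fromhex(DUMP_HEX)


def ip_checksum_ok(header: bytes) -> bool:
    """One's-complement sum over the IPv4 header must fold to 0xFFFF."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def decode(pkt: bytes) -> dict:
    """Decode the IPv4 and UDP headers and summarise the captured payload."""
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4          # header length in bytes
    sport, dport, udp_len, _udp_csum = struct.unpack("!HHHH", pkt[ihl:ihl + 8])
    seen = pkt[ihl + 8:]                # payload bytes present in the excerpt
    return {
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        "proto": proto,                 # 17 = UDP
        "ttl": ttl,
        "ip_total_len": total_len,
        "sport": sport,
        "dport": dport,
        "udp_payload_len": udp_len - 8, # UDP length field includes its 8-byte header
        "ip_checksum_ok": ip_checksum_ok(pkt[:ihl]),
        "captured_payload": len(seen),
        # Hypothetical indicator: every captured payload byte is the same value.
        "constant_filler": len(seen) > 0 and len(set(seen)) == 1,
    }


if __name__ == "__main__":
    for key, value in decode(PKT).items():
        print(f"{key:18} {value}")
```
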


