Security Incidents mailing list archives
Re: DOD Inside
From: Frank Knobbe <frank () knobbe us>
Date: Mon, 10 Apr 2006 07:27:02 -0500
On Sat, 2006-04-08 at 02:18 +0000, mailcentre2 () gmail com wrote:
Having read about the DoD IP issues in here, I thought I might add my 0.02: My router logs from the 28-03-2006 show a very strange sequence of port attempts.

Tue, 2006-03-28 05:20:52 - UDP Packet - Source:7.12.12.16,13364 Destination:xx.xx.xx.xx,1035 - [DOS]
Tue, 2006-03-28 11:22:41 - UDP Packet - Source:7.12.12.16,13364 Destination:xx.xx.xx.xx,1033 - [DOS]
Tue, 2006-03-28 11:22:41 - UDP Packet - Source:7.12.12.16,13364 Destination:xx.xx.xx.xx,1035 - [DOS]
Tue, 2006-03-28 17:25:53 - UDP Packet - Source:7.12.12.16,13364 Destination:xx.xx.xx.xx,1033 - [DOS]
[...]

These look like MS messenger pop-up spam (starting at port 1025 and now going into the mid/high-30s). The source address is likely spoofed. If you take a look at these packets with ngrep or tcpdump, I'm sure you'll find either advertising or a message saying your computer is infected and you need to visit a certain web site.

I doubt the source is real, and wouldn't worry about it. That's the stuff firewalls are supposed to filter :)

Cheers,
Frank

--
It is said that the Internet is a public utility. As such, it is best compared to a sewer. A big, fat pipe with a bunch of crap sloshing against your ports.
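
A small triage script for the router log format in the quoted post, as an added example that is not part of either message: it groups entries by source and reports the traits the reply relies on (UDP only, destination ports just above 1024, one fixed source port, regular timing). The 1025-1039 range is an assumed reading of "starting at port 1025 ... mid/high-30s", and the last sample line is constructed for contrast.

```python
import re
from collections import defaultdict
from datetime import datetime

# Router log line format, as quoted in the post above.
LINE_RE = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) - (?P<proto>\w+) Packet - "
    r"Source:(?P<src>[\d.]+),(?P<sport>\d+) "
    r"Destination:(?P<dst>[^,\s]+),(?P<dport>\d+) - \[(?P<tag>[^\]]+)\]"
)
POPUP_PORTS = range(1025, 1040)  # assumption: "port 1025 ... mid/high-30s"

# First four lines are from the quoted post; the last line is constructed.
SAMPLE = """\
Tue, 2006-03-28 05:20:52 - UDP Packet - Source:7.12.12.16,13364 Destination:xx.xx.xx.xx,1035 - [DOS]
Tue, 2006-03-28 11:22:41 - UDP Packet - Source:7.12.12.16,13364 Destination:xx.xx.xx.xx,1033 - [DOS]
Tue, 2006-03-28 11:22:41 - UDP Packet - Source:7.12.12.16,13364 Destination:xx.xx.xx.xx,1035 - [DOS]
Tue, 2006-03-28 17:25:53 - UDP Packet - Source:7.12.12.16,13364 Destination:xx.xx.xx.xx,1033 - [DOS]
Tue, 2006-03-28 18:01:07 - TCP Packet - Source:192.0.2.10,40112 Destination:xx.xx.xx.xx,22 - [DOS]
"""

def parse(text):
    """Return one dict per line that matches the router format; skip the rest."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            e = m.groupdict()
            e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%d %H:%M:%S")
            e["sport"], e["dport"] = int(e["sport"]), int(e["dport"])
            events.append(e)
    return events

def summarize(events):
    """Group by source IP and report the traits the reply points at."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    report = {}
    for src, evs in by_src.items():
        bursts = sorted({e["ts"] for e in evs})  # distinct arrival times
        gaps = [round((b - a).total_seconds() / 3600, 1) for a, b in zip(bursts, bursts[1:])]
        report[src] = {
            "packets": len(evs),
            "dst_ports": sorted({e["dport"] for e in evs}),
            "fixed_src_port": len({e["sport"] for e in evs}) == 1,
            "burst_gap_hours": gaps,
            "popup_spam_like": all(e["proto"] == "UDP" and e["dport"] in POPUP_PORTS for e in evs),
        }
    return report
```

Calling `summarize(parse(SAMPLE))` returns one entry per source address; a single packet trivially has a fixed source port, so read that field together with the packet count.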