Security Incidents mailing list archives

Re: DOD Inside


From: Frank Knobbe <frank () knobbe us>
Date: Mon, 10 Apr 2006 07:27:02 -0500

On Sat, 2006-04-08 at 02:18 +0000, mailcentre2 () gmail com wrote:
> Having read about the DoD IP issues in here, I thought I might add my 0.02:
>
> My router logs from the 28-03-2006 show a very strange sequence of port attempts.
>
> Tue, 2006-03-28 05:20:52 - UDP Packet - Source:7.12.12.16,13364 Destination:xx.xx.xx.xx,1035 - [DOS]
> Tue, 2006-03-28 11:22:41 - UDP Packet - Source:7.12.12.16,13364 Destination:xx.xx.xx.xx,1033 - [DOS]
> Tue, 2006-03-28 11:22:41 - UDP Packet - Source:7.12.12.16,13364 Destination:xx.xx.xx.xx,1035 - [DOS]
> Tue, 2006-03-28 17:25:53 - UDP Packet - Source:7.12.12.16,13364 Destination:xx.xx.xx.xx,1033 - [DOS]
> [...]

These look like MS messenger pop-up spam (starting at port 1025 and now
going into the mid/high-30s). The source address is likely spoofed. If
you take a look at these packets with ngrep or tcpdump, I'm sure you'll
find either advertising or a message saying your computer is infected
and you need to visit a certain web site.

I doubt the source is real, and wouldn't worry about it. That's the
stuff firewalls are supposed to filter :)

Cheers,
Frank

-- 
It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.
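
Added example, not part of the original message: a small parser for the router log format quoted above that groups UDP hits on the low-1000s ports by source address, which is the pattern the reply attributes to Messenger pop-up spam. The port range 1025-1039, the function names and the last sample line are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Log lines in the router format quoted in the message above (destination
# address masked as in the original); the last line is constructed.
SAMPLE_LOG = """\
Tue, 2006-03-28 05:20:52 - UDP Packet - Source:7.12.12.16,13364 Destination:xx.xx.xx.xx,1035 - [DOS]
Tue, 2006-03-28 11:22:41 - UDP Packet - Source:7.12.12.16,13364 Destination:xx.xx.xx.xx,1033 - [DOS]
Tue, 2006-03-28 11:22:41 - UDP Packet - Source:7.12.12.16,13364 Destination:xx.xx.xx.xx,1035 - [DOS]
Tue, 2006-03-28 17:25:53 - UDP Packet - Source:7.12.12.16,13364 Destination:xx.xx.xx.xx,1033 - [DOS]
Tue, 2006-03-28 18:01:10 - UDP Packet - Source:192.0.2.55,53 Destination:xx.xx.xx.xx,40112 - [DOS]
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}, \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) - (?P<proto>\w+) Packet - "
    r"Source:(?P<src>[^,\s]+),(?P<sport>\d+) "
    r"Destination:(?P<dst>[^,\s]+),(?P<dport>\d+)"
)

# Assumed range: the reply says the spam starts at port 1025 and has
# moved into the "mid/high-30s".
POPUP_PORTS = range(1025, 1040)

def parse(log_text):
    """Yield one dict per parsable log line; other lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
            yield rec

def popup_spam_candidates(log_text, min_hits=2):
    """Return sources with at least min_hits UDP packets to POPUP_PORTS."""
    hits = defaultdict(lambda: {"count": 0, "dports": set(), "sports": set()})
    for rec in parse(log_text):
        if rec["proto"] == "UDP" and rec["dport"] in POPUP_PORTS:
            h = hits[rec["src"]]
            h["count"] += 1
            h["dports"].add(rec["dport"])
            h["sports"].add(rec["sport"])
    # fixed_sport: every hit used the same source port, as in the quoted log
    return {src: {"count": h["count"], "dports": sorted(h["dports"]),
                  "fixed_sport": len(h["sports"]) == 1}
            for src, h in hits.items() if h["count"] >= min_hits}

if __name__ == "__main__":
    for src, info in popup_spam_candidates(SAMPLE_LOG).items():
        print(src, info)
```

A source flagged here is only a candidate; the payload check with ngrep or tcpdump that the reply suggests is what confirms the pop-up text.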
