* strange traffic
@ 2004-09-24 15:53 Askar
  2004-09-26 20:34 ` Jose Maria Lopez
  0 siblings, 1 reply; 2+ messages in thread
From: Askar @ 2004-09-24 15:53 UTC (permalink / raw)
  To: netfilter

Hi all,
can someone tell me what type of traffic this is?
#tcpdump -n port not 22 -c 100 and -t host xxx.xx.xx.xx

xx.xx.xxx.xx.28332 > 217.165.224.42.32706: udp 36
xxx.xx.xxx.xx.28332 > 217.165.224.42.32706: udp 36
xxx.xx.xxx.xx.28332 > 217.165.224.42.32706: udp 36
xxx.xx.xxx.xx.28332 > 217.165.224.42.32706: udp 36
xxx.xx.xxx.xx.28332 > 217.165.224.42.32706: udp 36
xxx.xx.xxx.xx.28332 > 217.165.224.42.32706: udp 36
xxx.xx.xxx.xx.28332 > 217.165.224.42.32706: udp 36
xxx.xx.xxx.xx.28332 > 217.165.224.42.32706: udp 36
xxx.xx.xxx.xx.28332 > 217.165.224.42.32706: udp 36
xxx.xx.xxx.xx.28332 > 217.165.224.42.32706: udp 36
xxx.xx.xxx.xx.28332 > 217.165.224.42.32706: udp 36
xxx.xx.xxx.xx.28332 > 217.165.224.42.32706: udp 36
xxx.xx.xxx.xx.28332 > 217.165.224.42.32706: udp 36

xxx... is our client IP. We are getting a lot of these these days, with a
different source IP each time.
regards

-- 
(after bouncing head on desk for days trying to get mine working, I'll make
yer life a little easier)



* Re: strange traffic
  2004-09-24 15:53 strange traffic Askar
@ 2004-09-26 20:34 ` Jose Maria Lopez
  0 siblings, 0 replies; 2+ messages in thread
From: Jose Maria Lopez @ 2004-09-26 20:34 UTC (permalink / raw)
  To: netfilter

On Fri, 24-09-2004 at 17:53, Askar wrote:
> Hi all,
> can someone tell me what type of traffic this is?
> #tcpdump -n port not 22 -c 100 and -t host xxx.xx.xx.xx
> 
> xx.xx.xxx.xx.28332 > 217.165.224.42.32706: udp 36
> xxx.xx.xxx.xx.28332 > 217.165.224.42.32706: udp 36
> xxx.xx.xxx.xx.28332 > 217.165.224.42.32706: udp 36
> xxx.xx.xxx.xx.28332 > 217.165.224.42.32706: udp 36
> xxx.xx.xxx.xx.28332 > 217.165.224.42.32706: udp 36
> xxx.xx.xxx.xx.28332 > 217.165.224.42.32706: udp 36
> xxx.xx.xxx.xx.28332 > 217.165.224.42.32706: udp 36
> xxx.xx.xxx.xx.28332 > 217.165.224.42.32706: udp 36
> xxx.xx.xxx.xx.28332 > 217.165.224.42.32706: udp 36
> xxx.xx.xxx.xx.28332 > 217.165.224.42.32706: udp 36
> xxx.xx.xxx.xx.28332 > 217.165.224.42.32706: udp 36
> xxx.xx.xxx.xx.28332 > 217.165.224.42.32706: udp 36
> xxx.xx.xxx.xx.28332 > 217.165.224.42.32706: udp 36
> 
> xxx... is our client IP. We are getting a lot of these these days, with a
> different source IP each time.
> regards

Port 36 is unassigned, so maybe it's a worm or some kind
of attack. You could stop it in your firewall with no problem.

-- 
Jose Maria Lopez Hernandez
Technical Director, bgSEC
jkerouac@bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"
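
An added example, not part of either message: a small parser for the tcpdump one-line UDP format quoted in this thread. In that format the last dotted component of each address is the port, and the number after `udp` is the UDP payload length in bytes. The `Flow` type, the function names and the sample lines other than the one copied from the thread are constructed for illustration.

```python
import re
from collections import Counter
from typing import Iterable, NamedTuple, Optional


class Flow(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    payload_len: int  # UDP payload size in bytes, not a port number


# Accepts the older "udp 36" form seen in the thread and the newer
# "IP ... : UDP, length 36" form printed by current tcpdump releases.
LINE_RE = re.compile(
    r"^(?:IP\s+)?(?P<src>\S+)\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\S+)\.(?P<dport>\d+):\s+"
    r"(?:udp|UDP,\s+length)\s+(?P<len>\d+)\s*$"
)


def parse_line(line: str) -> Optional[Flow]:
    """Split one `tcpdump -n -t` UDP line into its fields, or return None."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return Flow(m["src"], int(m["sport"]), m["dst"], int(m["dport"]), int(m["len"]))


def summarise(lines: Iterable[str]) -> Counter:
    """Count identical flows so a repeated probe stands out from other traffic."""
    flows = (parse_line(line) for line in lines)
    return Counter(f for f in flows if f is not None)


# First entry is the masked line from the thread (repeated); the rest are constructed.
SAMPLE = ["xxx.xx.xxx.xx.28332 > 217.165.224.42.32706: udp 36"] * 3 + [
    "IP 192.0.2.10.28332 > 217.165.224.42.32706: UDP, length 36",
    "192.0.2.10 > 217.165.224.42: ICMP echo request",  # not UDP: skipped
]

if __name__ == "__main__":
    for flow, count in summarise(SAMPLE).most_common():
        print(f"{count:3d}x {flow.src}:{flow.sport} -> {flow.dst}:{flow.dport} "
              f"udp payload={flow.payload_len}B")
```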


