Re: UDP port 500 traffic from two clients
From: Hugo van der Kooij (hvdkooij@vanderkooij.org)
Date: 01/28/02
Date: Mon, 28 Jan 2002 22:25:42 +0100 (CET)
From: Hugo van der Kooij <hvdkooij@vanderkooij.org>
To: Incidents Mailing List <incidents@securityfocus.com>
On Mon, 28 Jan 2002, Gary Flynn wrote:
> Chris Wilkes wrote:
> >
> > I recently moved and changed IP addresses within my ISP's block and two
> > IP addresses from mediaone.net and home.com hit me a couple of times a
> > minute with a UDP request to port 500.
>
> Code Red and Nimda infected machines will reportedly generate port
> 500 traffic.
Port 500 is NOT part of CodeRed. I doubt that Nimda uses them.
I get hit enough by them, but just on port 80. To get a feel for what a
normal XS4ALL ADSL server gets hit by, have a look at:
http://hvdkooij.xs4all.nl/fwlog/
Only SMTP and HTTP are normal traffic and not logged there.
Hugo.
--
All email sent to me is bound to the rules described on my homepage.
hvdkooij@vanderkooij.org http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com