Re: 2002/udp flood
From: Mike Nowlin (mike@mail1.viewsnet.com)Date: 08/28/02
- Previous message: Hugo van der Kooij: "RE: What's going on here?"
- In reply to: Richard L. Anderson: "2002/udp flood"
- Next in thread: Joe Kellner: "Re: 2002/udp flood"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Mike Nowlin" <mike@mail1.viewsnet.com> To: "Richard L. Anderson" <anderson@unt.edu> Date: Wed, 28 Aug 2002 02:03:04 -0400
Richard L. Anderson writes:
> I have a FreeBSD web server that is receiving large amounts of UDP
> traffic to port 2002. Here is an example of the traffic I'm seeing
> (Source and Destination IP addresses scrubbed):
Welcome to the club... :)
We have been experiencing the same thing for a little over a week, on and
off. Sometimes, there's enough incoming UDP traffic to slow access to a
crawl, other times it's just a mild irritant (knowing that it's there), and
other times, it's completely gone. We were attacked via the Apache bug a
few weeks ago with the UDP port 2001 floods along with it - fixed the
server, removed the backdoor, and all was well for about two weeks. Then,
this started all over again on port 2002. (This time, however, I don't see
any evidence of an intrusion - just the UDP flooding.)
I'm not sure what this all adds up to - a lack of any similar reports made
me think that we were under an "aimed specifically at you" DDoS attack, but
now I'm wondering...
--Mike
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: Hugo van der Kooij: "RE: What's going on here?"
- In reply to: Richard L. Anderson: "2002/udp flood"
- Next in thread: Joe Kellner: "Re: 2002/udp flood"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
