Re: Increased activity on UDP/1434

• Previous message: Dejan: "Re: Increased activity on UDP/1434"
• In reply to: Dmitri Smirnov: "Increased activity on UDP/1434"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sat, 25 Jan 2003 09:18:38 -0500
From: Dave Aitel <dave@immunitysec.com>
To: incidents@securityfocus.com

Here's my comments on the asm, for those of you who don't read fluent
x86. :>

http://www.immunitysec.com/disassembly.txt
-dave

On Fri, 24 Jan 2003 23:05:03 -0800
"Dmitri Smirnov" <Dmitri.Smirnov@fusepoint.com> wrote:

>
> Having a big number of connections on UDP/1434 from a random IPs in
> Internet on
> a different networks. One hour ago (22:00 PST) one server in colo
> space started to initiate
> a hundreds of connection per second to diff. hosts on Internet to port
> UDP/1434 (isolated).
> New worms? DDoS? Is anyone experience the same?
>
>
> Dmitri Smirnov, SSCP
> Security Team
> Fusepoint Managed Services Inc.
> Suite 2323, Three Bentall Centre
> 595 Burrard Street
> P.O. Box 49336
> Vancouver B.C. V7X 1L4
> Phone: (604) 687-7757
> Fax: (604) 687-7761
> Email: Dmitri.Smirnov@fusepoint.com
>
>
> ---------------------------------------------------------------------
> ------- This list is provided by the SecurityFocus ARIS analyzer
> service. For more information on this free incident handling,
> management and tracking system please see:
> http://aris.securityfocus.com
>
>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

• Next message: kris carlier: "Re: strange traffic"
• Previous message: Dejan: "Re: Increased activity on UDP/1434"
• In reply to: Dmitri Smirnov: "Increased activity on UDP/1434"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]