RE: UDP Port Sweep question
From: Benjamin Franz (snowhare_at_nihongo.org)
Date: 12/29/04
- Previous message: Tim: "Re: UDP Port Sweep question"
- In reply to: Billy Dodson: "RE: UDP Port Sweep question"
- Next in thread: Jack McCarthy: "RE: UDP Port Sweep question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 29 Dec 2004 12:11:21 -0800 (PST) To: Billy Dodson <billy@pmm-i.com>
On Wed, 29 Dec 2004, Billy Dodson wrote:
> Here is some more info regarding the port sweeps. The port the client
> is being hit on seems to vary. The client is being hit on the same 8
> port range from each IP port 33434-33460. All 3 sensors from the 3
> different clients show the same destination port range. The sensors are
> cisco IDS sensors and I am unsure as to how to get the actual packet
> from the event.
That port range smells like traceroutes. I've seen a lot of that kind of
traffic to nameservers, mail servers and HTTP proxies. It often originates
from load balancing DNS systems and other such things.
-- Benjamin Franz "All right, where is the answer? The battle of wits has begun. It ends when you click and we both serve pages - and find out who is right, and who is slashdotted." - David Brandt
- Previous message: Tim: "Re: UDP Port Sweep question"
- In reply to: Billy Dodson: "RE: UDP Port Sweep question"
- Next in thread: Jack McCarthy: "RE: UDP Port Sweep question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
