Re: Strange attack question - seems udp
From: Christoph Gruber (list_at_guru.at)
Date: 10/21/05
- Previous message: foxxz.net_at_gmail.com: "Re: SSH bruteforce on its way..."
- In reply to: Mihai Tanasescu: "Re: Strange attack question - seems udp"
- Next in thread: David Gillett: "RE: Strange attack question - seems udp"
Date: Fri, 21 Oct 2005 13:31:03 +0200 To: <incidents@securityfocus.com>
On 18.10.2005 13:21, "Mihai Tanasescu" <mihai@duras.ro> wrote:
> Hello,
>
> Thanks for explaining the reason for udp ports not appearing in the
> tcpdump output.
> Well the Cisco 3750 is the gateway for my clients and not the
> destination host (so I can't figure why it starts choking)
>
> The source IP addresses belong to my clients (those with 86.104 ).
>
> And it usually happens like this:
> 3/4 ip addresses that belong to my clients contact the same 4-5 ip
> addresses like the one below (70.84.247.164) and start doing 98% only
> upload udp traffic.
>
> Is it possible for a service to do so much upload compared to download?
Maybe this is not the right question. You should rather ask "what
the hell is talking to 70.84.247.164?"
And 98% upstream udp is strange in the second step.
-- "In theory it is practical, but in practice it is impractical" Bernhard P.