Re: Lots of incoming traffic on UDP 1026 and UDP 1027?

JGrimshaw_at_ASAP.com
Date: 12/28/04

Next message: JGrimshaw_at_ASAP.com: "Re: Lots of incoming traffic on UDP 1026 and UDP 1027?"

Previous message: David Gillett: "RE: bridge detection"
In reply to: Scott Bauer: "Re: Lots of incoming traffic on UDP 1026 and UDP 1027?"
Next in thread: Sebastian: "Re: Lots of incoming traffic on UDP 1026 and UDP 1027?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Scott Bauer <scottybauer@gmail.com>
Date: Tue, 28 Dec 2004 11:53:31 -0600

I initially thought that, too, that it was a DDOS, but the csv log had
significant gaps of time between instances--a DDOS would have lots coming
in at the same time, not a few every 10 or 20 minutes.

Certainly there were a number of illicit connection attempts, but the log
is for two days and there was only 190 or so connection attempts--I don't
think it is a DDOS.

Scott Bauer <scottybauer@gmail.com>
12/28/2004 11:37 AM
Please respond to
Scott Bauer <scottybauer@gmail.com>

To
webmaster@focushacks.com
cc
security-basics@securityfocus.com
Subject
Re: Lots of incoming traffic on UDP 1026 and UDP 1027?

Sounds Like a Denial of service attack. Contact your ISP and tell them
that you think you are getting A DDOS attack... Tell them to close
those ports for a day or so.. then you problem should be solved.

On Mon, 27 Dec 2004 12:34:41 -0600, FocusHacks <focushacks@gmail.com>
wrote:
> I searched the archives at SecurityFocus and couldn't come up with
> anything useful other than someone with Zone Alarm obviously saw the
> same activity and people were trying to tell him to look for listening
> ports on his machine, which is not the case.
>
> I'm getting literally hammered by tons of various IP's on UDP 1026 and
UDP 1027
>
> I've attached a CSV log, modified a bit, from my NetScreen 5. I only
> showed the last 15 bytes of the Source IP:Port so the first octet,
> give or take a few bytes, is cut off. I left a few columns out as
> well.
>
> Let me know, this has been going on for quite a while, and all my
> searches are ending in vain. Any ideas?
>
> --
> http://www.FocusHacks.com - The Ford Focus Modification Site!
>
>
>

-- 
IF SOMETHING DOSENT WORK DENY YOU EVER TRIED

Next message: JGrimshaw_at_ASAP.com: "Re: Lots of incoming traffic on UDP 1026 and UDP 1027?"

Previous message: David Gillett: "RE: bridge detection"
In reply to: Scott Bauer: "Re: Lots of incoming traffic on UDP 1026 and UDP 1027?"
Next in thread: Sebastian: "Re: Lots of incoming traffic on UDP 1026 and UDP 1027?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]