Re: Lots of incoming traffic on UDP 1026 and UDP 1027?
Date: 12/28/04

  • Next message: Joe Hood: "Re: bridge detection"
    Date: Tue, 28 Dec 2004 11:39:04 -0600

    I believe it's windows messenger traffic, most likely spam.

    Search google for udp port 1026 and you'll get a lot of links regarding
    it. Activity to the windows messenger port seems to have been on the
    upswing since early December.

    I know that ICQ (a chat program) used udp port 1027. That could be spam
    coming in, too.

    FocusHacks <>
    12/27/2004 12:34 PM
    Please respond to


    Lots of incoming traffic on UDP 1026 and UDP 1027?

    I searched the archives at SecurityFocus and couldn't come up with
    anything useful other than someone with Zone Alarm obviously saw the
    same activity and people were trying to tell him to look for listening
    ports on his machine, which is not the case.

    I'm getting literally hammered by tons of various IP's on UDP 1026 and UDP

    I've attached a CSV log, modified a bit, from my NetScreen 5. I only
    showed the last 15 bytes of the Source IP:Port so the first octet,
    give or take a few bytes, is cut off. I left a few columns out as

    Let me know, this has been going on for quite a while, and all my
    searches are ending in vain. Any ideas?

    -- - The Ford Focus Modification Site!

  • Next message: Joe Hood: "Re: bridge detection"

    Relevant Pages

    • RE: Cisco VPN client
      ... The UDP port 10000 configuration reference is proprietary to the Cisco VPN ... transit between the VPN client and the concentrator. ...
    • Re: bind() udp behavior
      ... > clearing out a UDP connection in a firewall coming from a high port is ... Allowing a high numbered udp port to remain ... I think the current OpenAFS ...
    • Re: Easy RRAS VPN question
      ... L2TP traffic at the UDP port of 1701. ... the security layer encountered a processing error during initial ... Jarryd ...
    • Re: Auditing
      ... I still see scanners looking for UDP port 22 every once in a while ... (script kiddies looking for poorly configured PC-Anywhere instances). ... So, this could be unrelated to your incident, and just be some random ...
    • Re: tcludp - bug when closing 1-of-2 listening ports
      ... It is indeed linked with zero-sized UDP packets. ... Listening on udp port: 1300 ... recv at 1300: 4 ...