Re: Lots of incoming traffic on UDP 1026 and UDP 1027?

From: Sebastian (security-basics_at_helsinki.fi.eu.org)
Date: 12/28/04

  • Next message: Raoul Armfield: "RE: Blocking Access to Non-domain computers" 
    Date: Tue, 28 Dec 2004 20:05:06 +0200
To: Scott Bauer <scottybauer@gmail.com>

    Scott,
    If you have a look at the original CSV you'll agree it can hardly be
    called DDOS or even an attack. Stupidity and old Messneger abuse is my
    guess. A good reason to check what services you should be running though.

    Regards,

     -Sebastian

    Scott Bauer wrote:

    >Sounds Like a Denial of service attack. Contact your ISP and tell them
    >that you think you are getting A DDOS attack... Tell them to close
    >those ports for a day or so.. then you problem should be solved.
    >
    >
    >On Mon, 27 Dec 2004 12:34:41 -0600, FocusHacks <focushacks@gmail.com> wrote:
    >
    >
    >>I searched the archives at SecurityFocus and couldn't come up with
    >>anything useful other than someone with Zone Alarm obviously saw the
    >>same activity and people were trying to tell him to look for listening
    >>ports on his machine, which is not the case.
    >>
    >>I'm getting literally hammered by tons of various IP's on UDP 1026 and UDP 1027
    >>
    >>I've attached a CSV log, modified a bit, from my NetScreen 5. I only
    >>showed the last 15 bytes of the Source IP:Port so the first octet,
    >>give or take a few bytes, is cut off. I left a few columns out as
    >>well.
    >>
    >>Let me know, this has been going on for quite a while, and all my
    >>searches are ending in vain. Any ideas?
    >>
    >>--
    >>http://www.FocusHacks.com - The Ford Focus Modification Site!
    >>
    >>
    >>
    >>
    >>
    >
    >
    >
    >

  • Next message: Raoul Armfield: "RE: Blocking Access to Non-domain computers"

    Relevant Pages

    • Re: Democrats on a roll...
      ... Your first response to doug/scott's personal attack was anger. ... For I am strong enough emotionally and intellectually to speak the truth as I see it and to hell with what anyone else thinks. ... Long before that, I reciprocated when doug, then scott, said some nasty things about me. ... from Texas so if I'm a frog then yes I'm a big one. ...
      (misc.transport.trucking)
    • Re: IPspoofing
      ... The short answer is that, especially if the threat is DDoS, you can't. ... to disguise the true source of the attack. ... > Este mensaje puede contener información confidencial y/o privilegiada. ... Internet communications are not secure and therefore the Barclays ...
      (Security-Basics)
    • Re: Democrats on a roll...
      ... If you remember I established my credentcials with Popeye and Scott and that was that. ... Your first response to doug/scott's personal attack was anger. ... everyone now recognizes you for the hypocrite you are. ... Since 35% of texas citizens are Latino, and several million more reside in Texas illegally, it stands to reason that Texans on average are smaller than, say, the average citizen of MS. ...
      (misc.transport.trucking)
    • RE: any recommendable anti-ddos solution?
      ... With DDOS you cannot simply block a host, DDOS is originating from lots of ... different subnets on different geographic locations, so blocking a host ... attack, for example if I know you have an IPS system that denies traffic ... and the switch that goes to everything else inside the network. ...
      (Security-Basics)
    • RE: Client DDoS requests, ideas?
      ... The DDOS protection company you are thinking about is www.prolexic.com ... take into consideration that a real DDOS attack will not only take down the ... Asunto: Re: Client DDoS requests, ...
      (Pen-Test)