RE: Lots of incoming traffic on UDP 1026 and UDP 1027?

From: Paul Duffany (paul.duffany_at_sanmina-sci.com)
Date: 12/29/04

Next message: G Farnham: "Simple Firewall"

Previous message: Aaron Berg: "Re: bridge detection"
In reply to: FocusHacks: "Lots of incoming traffic on UDP 1026 and UDP 1027?"
Next in thread: T. Shannon Gilvary: "Re: Lots of incoming traffic on UDP 1026 and UDP 1027?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <webmaster@focushacks.com>, <security-basics@securityfocus.com>
Date: Tue, 28 Dec 2004 15:09:37 -0800

Directory hacks against a mail server?

Paul Duffany
Network Engineer
Sanmina-SCI Corporation
desk: 408-904-2428
cell: 408-234-0958

John 3:16
1st Corinthians 13

********************************* Notice
*****************************************************
This electronic mail transmission may contain confidential or privileged
information.
If you believe you have received the message in error, please notify the
sender by
reply transmission and delete the message without copying or disclosing it.

-----Original Message-----
From: FocusHacks [mailto:focushacks@gmail.com]
Sent: Monday, December 27, 2004 10:35 AM
To: security-basics@securityfocus.com
Subject: Lots of incoming traffic on UDP 1026 and UDP 1027?

I searched the archives at SecurityFocus and couldn't come up with
anything useful other than someone with Zone Alarm obviously saw the
same activity and people were trying to tell him to look for listening
ports on his machine, which is not the case.
I'm getting literally hammered by tons of various IP's on UDP 1026 and UDP
1027
I've attached a CSV log, modified a bit, from my NetScreen 5. I only
showed the last 15 bytes of the Source IP:Port so the first octet,
give or take a few bytes, is cut off. I left a few columns out as
well.
Let me know, this has been going on for quite a while, and all my
searches are ending in vain. Any ideas?

--
http://www.FocusHacks.com - The Ford Focus Modification Site!
____________________________________________________________________________
_
Scanned by Sanmina-SCI eShield
____________________________________________________________________________
_

Next message: G Farnham: "Simple Firewall"

Previous message: Aaron Berg: "Re: bridge detection"
In reply to: FocusHacks: "Lots of incoming traffic on UDP 1026 and UDP 1027?"
Next in thread: T. Shannon Gilvary: "Re: Lots of incoming traffic on UDP 1026 and UDP 1027?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]