Re: Unknown UDP packets - should I worry?
From: Ian Jones (ian@dsl081-056-052.sfo1.dsl.speakeasy.net)Date: 12/18/01
- Next message: Ian Jones: "Re: Manage two IP , what i need ?"
- Previous message: Ian Jones: "Re: Deutsche-Telekom sets the standard for network security! (??)"
- In reply to: David Tillotson: "Unknown UDP packets - should I worry?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Ian Jones <ian@dsl081-056-052.sfo1.dsl.speakeasy.net> Date: Tue, 18 Dec 2001 07:55:56 -0800
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
David Tillotson <david.tillotson@microvue.com> writes:
> I was running iptraf for a while yesterday (complaints of slow access
> from users), and noticed that was a lot of UDP traffic to very high
> ports (61000+), from fairly high ports (1500~3000), and from numerous
> IPs, all either 37 or 44 bytes. Should I be concerned about these (a
> quick whois shows most are Korean, with a couple of Danes thrown in),
> or is it simply something I haven't noticed before (I very rarely run
> iptraf, and anything not specifically accepted or denied is silently
> dropped by the firewall).
It wasn't quite clear from your post if you are seeing traffic flowing
past your firewall or not. Is this traffic inside your protected
areas?
How 'bout a few packet captures for us?
-----BEGIN PGP SIGNATURE-----
Comment: Keeping the world safe for geeks.
iD8DBQE8H2cMwBVKl/Nci0oRAo+PAKCV3jCQA+VziTEa+VIYeat176Y+IwCg/sYP
AyiX+iIQLXSVx70WtA/wHMc=
=wAiZ
-----END PGP SIGNATURE-----
- Next message: Ian Jones: "Re: Manage two IP , what i need ?"
- Previous message: Ian Jones: "Re: Deutsche-Telekom sets the standard for network security! (??)"
- In reply to: David Tillotson: "Unknown UDP packets - should I worry?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
