Home page logo

basics logo Security Basics mailing list archives

Re: Lots of incoming traffic on UDP 1026 and UDP 1027?
From: Sebastian <security-basics () helsinki fi eu org>
Date: Tue, 28 Dec 2004 20:05:06 +0200

If you have a look at the original CSV you'll agree it can hardly be called DDOS or even an attack. Stupidity and old Messneger abuse is my guess. A good reason to check what services you should be running though.



Scott Bauer wrote:

Sounds Like a Denial of service attack. Contact your ISP and tell them
that you think you are getting A DDOS attack... Tell them to close
those ports for a day or so.. then you problem should be solved.

On Mon, 27 Dec 2004 12:34:41 -0600, FocusHacks <focushacks () gmail com> wrote:
I searched the archives at SecurityFocus and couldn't come up with
anything useful other than someone with Zone Alarm obviously saw the
same activity and people were trying to tell him to look for listening
ports on his machine, which is not the case.

I'm getting literally hammered by tons of various IP's on UDP 1026 and UDP 1027

I've attached a CSV log, modified a bit, from my NetScreen 5.  I only
showed the last 15 bytes of the Source IP:Port so the first octet,
give or take a few bytes, is cut off.  I left a few columns out as

Let me know, this has been going on for quite a while, and all my
searches are ending in vain.  Any ideas?

http://www.FocusHacks.com - The Ford Focus Modification Site!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]