Home page logo
/

basics logo Security Basics mailing list archives

RE: Lots of incoming traffic on UDP 1026 and UDP 1027?
From: "Paul Duffany" <paul.duffany () sanmina-sci com>
Date: Tue, 28 Dec 2004 15:09:37 -0800


Directory hacks against a mail server?


Paul Duffany
Network Engineer
Sanmina-SCI Corporation
desk: 408-904-2428
cell: 408-234-0958




John 3:16
1st Corinthians 13



********************************* Notice
*****************************************************
This electronic mail transmission may contain confidential or privileged
information.
If you believe you have received the message in error, please notify the
sender by
reply transmission and delete the message without copying or disclosing it.


-----Original Message-----
From: FocusHacks [mailto:focushacks () gmail com]
Sent: Monday, December 27, 2004 10:35 AM
To: security-basics () securityfocus com
Subject: Lots of incoming traffic on UDP 1026 and UDP 1027?


I searched the archives at SecurityFocus and couldn't come up with
anything useful other than someone with Zone Alarm obviously saw the
same activity and people were trying to tell him to look for listening
ports on his machine, which is not the case.
I'm getting literally hammered by tons of various IP's on UDP 1026 and UDP
1027
I've attached a CSV log, modified a bit, from my NetScreen 5.  I only
showed the last 15 bytes of the Source IP:Port so the first octet,
give or take a few bytes, is cut off.  I left a few columns out as
well.
Let me know, this has been going on for quite a while, and all my
searches are ending in vain.  Any ideas?
--
http://www.FocusHacks.com - The Ford Focus Modification Site!
____________________________________________________________________________
_
Scanned by Sanmina-SCI eShield
____________________________________________________________________________
_


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault