Home page logo
/

basics logo Security Basics mailing list archives

Strange connections to port 42935
From: Ken Gilmour <ken.gilmour () gmail com>
Date: Tue, 14 Apr 2009 16:58:19 -0600

Hi,

I am seeing millions of connections to random IP addresses on several
of my networks originating from port 53 trying to connect to port
42935. The machines which are trying to connect from port 53 are not
listening on that port and are therefore likely not DNS servers, just
machines trying to spoof (and the requests are definitely not
originating from my network).

It would initially appear to be a Distributed UDP flood, however the
amount of traffic is insignificant so i wouldn't put it in the DDoS
class since it is not having any effect... I am just wondering if
there is something new out there trying out some new exploit on this
port?

Regards,

Ken

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Find the source of cybercrime! Almost every crime today involves a computer or mobile device. Learn how to become a 
Computer Forensics Examiner in InfoSec Institute's hands-on Computer Forensics Course. Up to three industry recognized 
certs available, online computer forensics training available.

http://www.infosecinstitute.com/courses/computer_forensics_training.html
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
  • Strange connections to port 42935 Ken Gilmour (Apr 15)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]