Security Incidents
mailing list archives
DNS UDP Dos Attack?
From: James Kelty <james () TUNA ORG>
Date: Fri, 2 Mar 2001 14:46:16 -0800
Hello,
I am receiving a ton of attempted UDP connections to an internal host. Connecting to this host is stopped at my
firewall, but my firewall is paying a stiff price. I have seen the available memory on my firewall go down by 1-2 Mbg
per minute while it tries to block all this traffic.
Has anyone seen systems trying to reach a DNS host via UDP to port 42326?
Here is a snippet of log files.
UDP out 209.10.34.23:8541 in 209.11.137.71:42326 idle 0:32:24 flags -
UDP out 209.10.34.39:29277 in 209.11.137.71:42326 idle 0:33:26 flags -
UDP out 207.235.38.3:28931 in 209.11.137.71:42326 idle 0:32:42 flags -
UDP out 209.10.34.39:33373 in 209.11.137.71:42326 idle 0:33:38 flags D-
UDP out 206.190.71.2:33812 in 209.11.137.71:42326 idle 0:33:49 flags D-
UDP out 193.141.40.42:1437 in 209.11.137.71:42326 idle 0:35:19 flags -
UDP out 63.91.4.4:12673 in 209.11.137.71:42326 idle 0:34:49 flags -
Thanks for any help!
-James
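
Added example, not part of the original post: a small Python triage script that parses connection-table lines in the format shown in the message and summarizes, per internal host and port, how many entries and distinct external peers exist and how long they have been idle. The function names are hypothetical, and it assumes "out" is the external peer and "in" is the internal host.

```python
import re
from collections import Counter, defaultdict

# Connection-table lines copied verbatim from the post above.
SAMPLE = """\
UDP out 209.10.34.23:8541 in 209.11.137.71:42326 idle 0:32:24 flags -
UDP out 209.10.34.39:29277 in 209.11.137.71:42326 idle 0:33:26 flags -
UDP out 207.235.38.3:28931 in 209.11.137.71:42326 idle 0:32:42 flags -
UDP out 209.10.34.39:33373 in 209.11.137.71:42326 idle 0:33:38 flags D-
UDP out 206.190.71.2:33812 in 209.11.137.71:42326 idle 0:33:49 flags D-
UDP out 193.141.40.42:1437 in 209.11.137.71:42326 idle 0:35:19 flags -
UDP out 63.91.4.4:12673 in 209.11.137.71:42326 idle 0:34:49 flags -
"""

# Assumed field meaning: "out" is the external peer, "in" the internal host.
LINE_RE = re.compile(
    r"(?P<proto>\w+) out (?P<out_ip>[\d.]+):(?P<out_port>\d+) "
    r"in (?P<in_ip>[\d.]+):(?P<in_port>\d+) "
    r"idle (?P<h>\d+):(?P<m>\d\d):(?P<s>\d\d) flags (?P<flags>\S+)"
)

def parse(text):
    """Yield one dict per well-formed entry; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.fullmatch(line.strip())
        if m:
            idle = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"])
            yield {"proto": m["proto"], "peer": m["out_ip"],
                   "target": (m["in_ip"], int(m["in_port"])),
                   "idle": idle, "flags": m["flags"]}

def summarize(text):
    """Per (proto, internal ip, port): entries, distinct peers, idle range, flags."""
    groups = defaultdict(lambda: {"entries": 0, "peers": set(),
                                  "idle": [], "flags": Counter()})
    for e in parse(text):
        g = groups[(e["proto"], *e["target"])]
        g["entries"] += 1
        g["peers"].add(e["peer"])
        g["idle"].append(e["idle"])
        g["flags"][e["flags"]] += 1
    return {k: {"entries": g["entries"], "peers": len(g["peers"]),
                "min_idle": min(g["idle"]), "max_idle": max(g["idle"]),
                "flags": dict(g["flags"])} for k, g in groups.items()}

if __name__ == "__main__":
    for key, stats in sorted(summarize(SAMPLE).items()):
        print(key, stats)
```

On the lines from the post this reports a single target, 209.11.137.71:42326, with 7 entries from 6 distinct peers, every one of them idle for more than 32 minutes while still occupying a slot in the table.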