Full Disclosure mailing list archives

Really ODD 12 byte UDP attempts


From: James Lay <jlay () slave-tothe-box net>
Date: Sun, 28 Aug 2005 21:29:18 -0600

Hey All!

Since there doesn't seem to be much going on I thought I'd ask about
this.  I've searched and either I suck (most likely) or it's something
else.  Here's a snippet of what I see:

Aug 28 06:57:01 kernel: New,invalid SRC=64.94.45.26 DST=24.116.255.102 LEN=32 PROTO=UDP SPT=11050 DPT=33440 LEN=12

This modified netfilter log line is just one of many I see.  The only
thing that all the attempts have in common is that the LEN=12 and that
the DPT=344**.  They usually come in bursts of 6 or 8.

The reason I'm posting this now is because there have been a BOATLOAD
of these in August...but not much in other months..as follows:

April:  317
May:    176
June:   352
July:   292
August: 1207

To save time and space I have 2 files on a site:

To view all source IPs:
http://www.slave-tothe-box.net/udpsource.txt

To view raw(edited) log:
http://www.slave-tothe-box.net/udpedit.txt

I looked up the ports on isc.sans.org but found nothing.  Anything out
there going on that I should know about?  Thanks all!

James
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
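
An added example, not part of the original post: a Python parser for netfilter lines in the format quoted above that keeps UDP packets whose UDP LEN is 12, counts them per month, and groups each source's packets into bursts. The sample lines, the documentation-range IP addresses, the 2-second burst gap and the function names are constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# The second LEN= (after PROTO=UDP) is the UDP length; the first is the IP length.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) .*?SRC=(?P<src>\S+) .*?"
    r"PROTO=UDP SPT=\d+ DPT=(?P<dpt>\d+) LEN=(?P<ulen>\d+)")

# Constructed sample log: one 6-packet burst, one lone packet, one larger UDP packet.
SAMPLE = "\n".join(
    [f"Aug 28 06:57:0{i // 3} kernel: New,invalid SRC=192.0.2.10 DST=198.51.100.5 "
     f"LEN=32 PROTO=UDP SPT=11050 DPT={33440 + i} LEN=12" for i in range(6)] + [
     "Jul  4 10:00:00 kernel: New,invalid SRC=203.0.113.7 DST=198.51.100.5 "
     "LEN=32 PROTO=UDP SPT=4000 DPT=33441 LEN=12",
     "Aug 28 07:00:00 kernel: New,invalid SRC=192.0.2.10 DST=198.51.100.5 "
     "LEN=68 PROTO=UDP SPT=53 DPT=1025 LEN=48"])

def parse(log_text, udp_len=12, year=2005):
    """Return [(timestamp, src, dpt)] for UDP packets whose UDP LEN equals udp_len."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and int(m["ulen"]) == udp_len:
            # syslog timestamps omit the year, so the caller supplies it
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["src"], int(m["dpt"])))
    return events

def monthly_counts(events):
    """Count matching packets per month name."""
    return Counter(ts.strftime("%B") for ts, _, _ in events)

def bursts(events, gap_seconds=2):
    """Return (src, size) per burst; a gap above gap_seconds starts a new burst."""
    by_src = defaultdict(list)
    for ts, src, _ in sorted(events):
        by_src[src].append(ts)
    out = []
    for src, times in by_src.items():
        size = 1
        for prev, cur in zip(times, times[1:]):
            if cur - prev <= timedelta(seconds=gap_seconds):
                size += 1
            else:
                out.append((src, size))
                size = 1
        out.append((src, size))
    return out
```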