Open Source and information security mailing list archives
 
Message-ID: <20050828212918.446e872b@homebox.slave-tothe-box.net>
Date: Mon Aug 29 04:27:27 2005
From: jlay at slave-tothe-box.net (James Lay)
Subject: Really ODD 12 byte UDP attempts

Hey All!

Since there doesn't seem to be much going on I thought I'd ask about
this.  I've searched and either I suck (most likely) or it's something
else.  Here's a snippet of what I see:

Aug 28 06:57:01 kernel: New,invalid SRC=64.94.45.26 DST=24.116.255.102
LEN=32 PROTO=UDP SPT=11050 DPT=33440 LEN=12

This modified netfilter log line is just one of many I see.  The only
thing that all the attempts have in common is that the LEN=12 and that
the DPT=344**.  They usually come in bursts of 6 or 8.

The reason I'm posting this now is because there have been a BOATLOAD
of these in August...but not much in other months..as follows:

April:	317
May:	176
June:	352
July:	292
August:	1207

To save time and space I have 2 files on a site:

To view all source IPs:
http://www.slave-tothe-box.net/udpsource.txt

To view raw (edited) log:
http://www.slave-tothe-box.net/udpedit.txt

I looked up the ports on isc.sans.org but found nothing.  Anything out
there going on that I should know about?  Thanks all!

James
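
The tally described in the message above (per-month counts and bursts of small UDP packets) can be reproduced from netfilter logs with a short script. This is an added example, not part of the original post: the sample lines are constructed in the post's log format with documentation-range addresses, and the function names, the 5-second burst gap, and the default year are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample in the post's log format; addresses are documentation ranges.
SAMPLE = """\
Aug 28 06:57:01 kernel: New,invalid SRC=192.0.2.10 DST=198.51.100.7 LEN=32 PROTO=UDP SPT=11050 DPT=33440 LEN=12
Aug 28 06:57:02 kernel: New,invalid SRC=192.0.2.10 DST=198.51.100.7 LEN=32 PROTO=UDP SPT=11050 DPT=33441 LEN=12
Aug 28 06:57:03 kernel: New,invalid SRC=192.0.2.10 DST=198.51.100.7 LEN=32 PROTO=UDP SPT=11050 DPT=33442 LEN=12
Aug 28 07:10:00 kernel: New,invalid SRC=192.0.2.10 DST=198.51.100.7 LEN=32 PROTO=UDP SPT=11051 DPT=33443 LEN=12
Aug 28 07:30:00 kernel: New,invalid SRC=192.0.2.99 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=4000 DPT=445
Jul 02 11:00:00 kernel: New,invalid SRC=203.0.113.5 DST=198.51.100.7 LEN=32 PROTO=UDP SPT=2000 DPT=33445 LEN=12
Jul 02 11:00:09 kernel: New,invalid SRC=203.0.113.5 DST=198.51.100.7 LEN=78 PROTO=UDP SPT=2000 DPT=137 LEN=58
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) .*?SRC=(\S+) .*?PROTO=UDP SPT=\d+ DPT=(\d+) LEN=(\d+)")

def parse(text, year=2005):
    """Return (timestamp, src, dport, udp_len) per UDP record; syslog omits the year."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(2), int(m.group(3)), int(m.group(4))))
    return events

def tiny_udp(events, udp_len=12):
    # The second LEN= is the UDP length field (8-byte header + payload): 12 means 4 payload bytes.
    return [e for e in events if e[3] == udp_len]

def monthly_counts(events):
    return Counter(ts.strftime("%B") for ts, *_ in events)

def bursts(events, gap=timedelta(seconds=5)):
    """Split each source's records into bursts separated by more than `gap`."""
    by_src = defaultdict(list)
    for ts, src, dport, _ in sorted(events):
        by_src[src].append((ts, dport))
    out = []
    for src, hits in by_src.items():
        for i, (ts, dport) in enumerate(hits):
            if i == 0 or ts - hits[i - 1][0] > gap:
                out.append((src, ts, []))  # start a new burst for this source
            out[-1][2].append(dport)
    return out
```

The parser expects one log record per line, so records wrapped by a mail client have to be rejoined first.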
