[Intrusions] UDP traffic on port 48864

Andrew Daviel andrew at andrew.triumf.ca
Mon Jun 13 22:42:17 GMT 2005


I've been seeing UDP traffic sent to a host here on port 48864; it seems
to be all (or mostly) targeted at one particular host, which does not seem
to respond (apart from maybe ICMP unreachable). It's from random places
on the net (including residential, like P2P), but the packets are quite
small (15-500 bytes) and don't seem to have any ASCII content.

I found it by accident; a machine offsite sent a virus to our mailserver
and also to this host (which does not do mail) and when I looked back saw
this UDP stuff. The user has run things like Skype and iTunes, but no
P2P and the machine appears to be clean (Symantec, Microsoft
anti-spyware).

Any ideas? I can publish some data if it's useful.

.. I did look on Google and a couple of port lists but nothing caught my
eye.


-- 
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376  (Pacific Time)
security at triumf.ca
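
Added example, not part of the original post: one way to put numbers on the observations above (many unrelated sources, small packets, no ASCII content) before sharing data. It assumes the packets have already been exported from a capture as (source, destination port, payload) tuples; the function names and the sample records are constructed for illustration.

```python
import hashlib
import math
from collections import Counter

PRINTABLE = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, 8.0 maximum)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def summarize(packets, port):
    """Summarize UDP payloads sent to `port`; packets are (src, dport, payload)."""
    hits = [(src, payload) for src, dport, payload in packets if dport == port]
    if not hits:
        return None
    blob = b"".join(payload for _, payload in hits)
    sizes = [len(payload) for _, payload in hits]
    per_src = Counter(src for src, _ in hits)
    return {
        "packets": len(hits),
        "sources": len(per_src),
        "busiest_source": per_src.most_common(1)[0],
        "min_len": min(sizes),
        "max_len": max(sizes),
        "printable_ratio": sum(b in PRINTABLE for b in blob) / len(blob) if blob else 0.0,
        "entropy": entropy(blob),
    }

def _noise(seed: str, n: int) -> bytes:
    """Deterministic pseudo-random bytes standing in for opaque payloads."""
    return hashlib.shake_256(seed.encode()).digest(n)

# Constructed sample records (documentation address ranges), not real captures.
SAMPLE = [
    ("192.0.2.10", 48864, _noise("a", 15)),
    ("198.51.100.7", 48864, _noise("b", 120)),
    ("203.0.113.44", 48864, _noise("c", 500)),
    ("192.0.2.10", 48864, _noise("d", 64)),
    ("198.51.100.99", 48864, _noise("e", 33)),
    ("192.0.2.200", 514, b"<13>Jun 13 22:40:01 host test: plain ASCII text"),
]

if __name__ == "__main__":
    for key, value in summarize(SAMPLE, 48864).items():
        print(f"{key}: {value}")
```

A low printable ratio together with entropy near 8 bits per byte points to encrypted or compressed payloads, while a source count close to the packet count indicates many independent senders rather than one persistent peer.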


