[Intrusions] UDP traffic on port 48864
Joel Esler
eslerj at gmail.com
Mon Jun 13 22:57:51 GMT 2005
The only hits I have on the port are Source Ports, so I can't help you there
:)
Sorry :(
Joel
On 6/13/05, Andrew Daviel <andrew at andrew.triumf.ca> wrote:
>
> I've been seeing UDP traffic sent to a host here on port 48864; it seems
> to all (or mostly) targetted at one particular host, which does not seem
> to respond (apart from maybe ICMP unreachable). It's from random places
> on the net (including residential, like P2P), but the packets are quite
> small (15-500 bytes) and don't seem to have any ASCII content.
>
> I found it by accident; a machine offsite sent a virus to our mailserver
> and also to this host (which does not do mail) and when I looked back saw
> this UDP stuff. The user has run things like skype and itunes, but no
> P2P and the machine appears to be clean (Symantec, Microsoft
> anti-spyware)
>
> Any ideas ? I can publish some data if it's useful.
>
> .. I did look on Google and a couple of port lists but nothing caught my
> eye.
>
>
> --
> Andrew Daviel, TRIUMF, Canada
> Tel. +1 (604) 222-7376 (Pacific Time)
> security at triumf.ca
> _______________________________________________
> Intrusions mailing list
> Intrusions at lists.sans.org
> http://www.dshield.org/mailman/listinfo/intrusions
>
More information about the Intrusions
mailing list