[Dshield] UDP barrage

John Sage jsage at finchhaven.com
Sat Jul 6 05:46:42 GMT 2002


Dean:

On Fri, Jul 05, 2002 at 09:56:28PM -0400, Dean wrote:
> I'm a bit of a novice at all this.  I see moderate activity daily
> but never anything like this.  I had another set of UDP events earlier
> today.  Can someone explain what this means?
> 
> Thanks,
> 
> Dean
> 
> 2002-07-05 21:31:46 -04:00 21836384 1 168.143.114.45 37087 24.159.164.202 33476 UDP
> 2002-07-05 21:31:51 -04:00 21836384 1 168.143.114.45 37087 24.159.164.202 33477 UDP
> 2002-07-05 21:31:56 -04:00 21836384 1 168.143.114.45 37087 24.159.164.202 33478 UDP
> 2002-07-05 21:32:01 -04:00 21836384 1 168.143.114.45 37087 24.159.164.202 33479 UDP

This looks quite a bit like the protocol (UDP) and the port range used
by traceroute.

See:

http://andrew.triumf.ca/ports/udp.33434.html

"Used by the Unix traceroute command, commonly used for verifying
Internet connections. traceroute by default uses a base port of
33434 and increments by one each hop (so in practice uses ports
between 33435 and 33465)"


If the traceroute started on a higher port, the ports shown above
(33476-33479..) could be reached..


BW whois 2.9 by Bill Weinman (http://whois.bw.org/)
© 1999-2001 William E. Weinman 

%rwhois V-1.5:0078b6:00 rwhois.verio.net (Vipar 0.1a. Comments to vipar at verio.net)
network:Class-Name:network
network:Auth-Area:168.143.112.0/21
network:ID:NETBLK-C020-ANONYMIZER-4.127.0.0.1/32
network:Handle:NETBLK-C020-ANONYMIZER-4
network:Network-Name:C020-ANONYMIZER-4
network:IP-Network:168.143.114.0/24
network:In-Addr-Server;I:C60-VRIO-HST.127.0.0.1/32
network:In-Addr-Server;I:U60-VRIO-HST.127.0.0.1/32
network:IP-Network-Block:168.143.114.0 - 168.143.114.255
network:Org-Name:Anonymizer
network:Street-Address:7525 Metropolitan dr Ste 306
network:City:San Diego
network:State:CA
network:Postal-Code:92108
network:Country-Code:US


Not quite sure what to make of that...


- John
-- 
^ALÍ! This program cannot be run in DOS mode.^M

PGP key      http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint  FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5 
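
Added example, not part of the original message: a check that flags traceroute-style UDP probing in firewall log entries like the ones quoted above, by looking for one source address and source port sending to destination ports that rise by one inside the range starting at 33434. The field layout (date, time, zone, id, count, source, source port, target, target port, protocol), the MAX_OFFSET ceiling and the function names are assumptions.

```python
from collections import defaultdict
from datetime import datetime

BASE_PORT = 33434   # traceroute's default base port, per the reference quoted above
MAX_OFFSET = 255    # assumption: how far above the base still counts as traceroute

# Constructed sample: the four entries quoted in the message, one per line.
SAMPLE = """\
2002-07-05 21:31:46 -04:00 21836384 1 168.143.114.45 37087 24.159.164.202 33476 UDP
2002-07-05 21:31:51 -04:00 21836384 1 168.143.114.45 37087 24.159.164.202 33477 UDP
2002-07-05 21:31:56 -04:00 21836384 1 168.143.114.45 37087 24.159.164.202 33478 UDP
2002-07-05 21:32:01 -04:00 21836384 1 168.143.114.45 37087 24.159.164.202 33479 UDP
"""

def parse(line):
    """Return (time, src, sport, dst, dport) for a UDP entry, else None."""
    f = line.split()
    # Assumed layout: date time tz id count src sport dst dport proto
    if len(f) != 10 or f[9] != "UDP":
        return None
    try:
        ts = datetime.strptime(f[0] + " " + f[1], "%Y-%m-%d %H:%M:%S")
        return ts, f[5], int(f[6]), f[7], int(f[8])
    except ValueError:
        return None  # malformed timestamp or port: skip the line

def traceroute_like(log_text, min_probes=3):
    """Find flows whose destination ports step up by one inside the traceroute range."""
    flows = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec:
            ts, src, sport, dst, dport = rec
            flows[(src, sport, dst)].append((ts, dport))
    findings = []
    for (src, sport, dst), probes in flows.items():
        probes.sort()  # order by arrival time
        ports = [p for _, p in probes]
        in_range = all(BASE_PORT <= p <= BASE_PORT + MAX_OFFSET for p in ports)
        stepped = all(b - a == 1 for a, b in zip(ports, ports[1:]))
        if len(ports) >= min_probes and in_range and stepped:
            gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(probes, probes[1:])]
            findings.append({"src": src, "dst": dst, "ports": ports,
                             "offset_from_base": ports[0] - BASE_PORT, "gaps_s": gaps})
    return findings

if __name__ == "__main__":
    for finding in traceroute_like(SAMPLE):
        print(finding)
```
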



