[Dshield] UDP barage

Dean drdrc at charter.net
Sat Jul 6 16:57:11 GMT 2002


Thanks John.


----- Original Message -----
From: "John Sage" <jsage at finchhaven.com>
To: <list at dshield.org>
Sent: Saturday, July 06, 2002 1:46 AM
Subject: Re: [Dshield] UDP barage


> Dean:
>
> On Fri, Jul 05, 2002 at 09:56:28PM -0400, Dean wrote:
> > I'm a bit of a novice at all this.  I see moderate activity daily
> > but never anything like this.  I had another set of UDP events earlier
> > today.  Can someone explain what this means?
> >
> > Thanks,
> >
> > Dean
> >
> > 2002-07-05 21:31:46 -04:00 21836384 1 168.143.114.45 37087 24.159.164.202 33476 UDP
> > 2002-07-05 21:31:51 -04:00 21836384 1 168.143.114.45 37087 24.159.164.202 33477 UDP
> > 2002-07-05 21:31:56 -04:00 21836384 1 168.143.114.45 37087 24.159.164.202 33478 UDP
> > 2002-07-05 21:32:01 -04:00 21836384 1 168.143.114.45 37087 24.159.164.202 33479 UDP
>
> This looks quite a bit like the protocol (UDP) and the port range used
> by traceroute.
>
> See:
>
> http://andrew.triumf.ca/ports/udp.33434.html
>
> "Used by the Unix traceroute command, commonly used for verifying
> Internet connections. traceroute by default uses a base port of
> 33434 and increments by one each hop (so in practice uses ports
> between 33435 and 33465)"
>
>
> If the traceroute started on a higher port, the ports shown above
> (33476-33479..) could be reached..
>
>
> BW whois 2.9 by Bill Weinman (http://whois.bw.org/)
> © 1999-2001 William E. Weinman
>
> %rwhois V-1.5:0078b6:00 rwhois.verio.net (Vipar 0.1a. Comments to vipar at verio.net)
> network:Class-Name:network
> network:Auth-Area:168.143.112.0/21
> network:ID:NETBLK-C020-ANONYMIZER-4.127.0.0.1/32
> network:Handle:NETBLK-C020-ANONYMIZER-4
> network:Network-Name:C020-ANONYMIZER-4
> network:IP-Network:168.143.114.0/24
> network:In-Addr-Server;I:C60-VRIO-HST.127.0.0.1/32
> network:In-Addr-Server;I:U60-VRIO-HST.127.0.0.1/32
> network:IP-Network-Block:168.143.114.0 - 168.143.114.255
> network:Org-Name:Anonymizer
> network:Street-Address:7525 Metropolitan dr Ste 306
> network:City:San Diego
> network:State:CA
> network:Postal-Code:92108
> network:Country-Code:US
>
>
> Not quite sure what to make of that...
>
>
> - John
> --
> ^ALÍ! This program cannot be run in DOS mode.^M
>
> PGP key      http://www.finchhaven.com/pages/gpg_pubkey.html
> Fingerprint  FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5
>

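The pattern discussed in this thread (one source and source port sending UDP to one destination, with the destination port rising by one per record at or above the traceroute base port 33434) can be checked mechanically. The following is an added example, not part of the original messages; the function names are hypothetical, and the two columns between the timezone and the source address are assumed to be an ID and a count.

```python
from collections import defaultdict
from datetime import datetime

TRACEROUTE_BASE = 33434  # default base port, per the page quoted in the thread

# The four log records from the post above, re-joined onto one line each.
SAMPLE = """\
2002-07-05 21:31:46 -04:00 21836384 1 168.143.114.45 37087 24.159.164.202 33476 UDP
2002-07-05 21:31:51 -04:00 21836384 1 168.143.114.45 37087 24.159.164.202 33477 UDP
2002-07-05 21:31:56 -04:00 21836384 1 168.143.114.45 37087 24.159.164.202 33478 UDP
2002-07-05 21:32:01 -04:00 21836384 1 168.143.114.45 37087 24.159.164.202 33479 UDP
"""

def parse(line):
    """Split one record: date time tz id count src sport dst dport proto.
    (The 'id' and 'count' meanings are an assumption about this log format.)"""
    date, time, tz, _id, _count, src, sport, dst, dport, proto = line.split()
    ts = datetime.strptime(f"{date} {time} {tz.replace(':', '')}",
                           "%Y-%m-%d %H:%M:%S %z")
    return ts, src, int(sport), dst, int(dport), proto

def traceroute_runs(lines, min_len=3):
    """Return runs of UDP records for one src/sport/dst whose destination port
    rises by exactly one per record, starting at or above the base port."""
    flows = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, src, sport, dst, dport, proto = parse(line)
        if proto == "UDP" and dport >= TRACEROUTE_BASE:
            flows[(src, sport, dst)].append((ts, dport))
    runs = []
    for (src, sport, dst), recs in flows.items():
        recs.sort()  # order by timestamp, then port
        start = 0
        for i in range(1, len(recs) + 1):
            # A run ends at the end of the list or when the +1 step breaks.
            if i == len(recs) or recs[i][1] != recs[i - 1][1] + 1:
                if i - start >= min_len:
                    first, last = recs[start], recs[i - 1]
                    runs.append({"src": src, "dst": dst,
                                 "ports": (first[1], last[1]),
                                 "offset": first[1] - TRACEROUTE_BASE,
                                 "seconds": (last[0] - first[0]).total_seconds()})
                start = i
    return runs

if __name__ == "__main__":
    for run in traceroute_runs(SAMPLE.splitlines()):
        print(run)
```
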



