[Dshield] Excessive amount of UDP port 10254 probes

Alberto Gonzalez ag-dshield at cerebro.violating.us
Sun Nov 17 20:55:02 GMT 2002


I googled for port 10254 and came up with a few references of Denail of 
Service attacks directed toward that port. Directed towards
SLMail. Now all the references for the Denial of Service are pretty old 
(1998). Below are some e-mails I found regarding SLMail DoS.


Hope that Helps

    - Alberto

[1] - http://archives.neohapsis.com/archives/ntbugtraq/1998/msg00613.html

* I dont know if this is what they are trying to target, but very similar *

Gravyface wrote:

> Greetings all,
>  
> Over the last 24hrs, I'm experienced a large amount of UDP port probes 
> directed at port 10254 but originating from many different ports and 
> many different hosts.
> One of the sources of the attack is currently number 10 on the Top Ten 
> list (*p5082F21D.dip.t-dialin.net*), however, at least a dozen others 
> have attempted the same attack on the same port.  All attempts have 
> failed, however, my software firewall (Black Ice Defender) is spiking 
> cpu usage to over 30%.
> In total, I've probably received over 4000 UDP port 10254 probes 
> during the last 24 hours.  This is a home win2k desktop machine not 
> running any server applications.
>  
> Is anyone familiar with port 10254?
>  
> Thanks in advance


-- 
The secret to success is to start from scratch and keep on scratching.





More information about the list mailing list