[Dshield] Excessive amount of UDP port 10254 probes
ag-dshield at cerebro.violating.us
Sun Nov 17 20:55:02 GMT 2002
I googled for port 10254 and came up with a few references of Denail of
Service attacks directed toward that port. Directed towards
SLMail. Now all the references for the Denial of Service are pretty old
(1998). Below are some e-mails I found regarding SLMail DoS.
Hope that Helps
 - http://archives.neohapsis.com/archives/ntbugtraq/1998/msg00613.html
* I dont know if this is what they are trying to target, but very similar *
> Greetings all,
> Over the last 24hrs, I'm experienced a large amount of UDP port probes
> directed at port 10254 but originating from many different ports and
> many different hosts.
> One of the sources of the attack is currently number 10 on the Top Ten
> list (*p5082F21D.dip.t-dialin.net*), however, at least a dozen others
> have attempted the same attack on the same port. All attempts have
> failed, however, my software firewall (Black Ice Defender) is spiking
> cpu usage to over 30%.
> In total, I've probably received over 4000 UDP port 10254 probes
> during the last 24 hours. This is a home win2k desktop machine not
> running any server applications.
> Is anyone familiar with port 10254?
> Thanks in advance
The secret to success is to start from scratch and keep on scratching.
More information about the list