[Dshield] question....

Jonathan G. Lampe jonathan at stdnet.com
Tue Oct 1 21:51:15 GMT 2002

Hi.  I think you need to state the "destination" UDP port as well. My 
suspicion is that *YOU* are causing the ping by sending out a packet from 
UDP port 1026 to UDP port ???.  (Maybe a time server on port 123?) I am 
suspicious because 1026 is very close to 1024, the magic number at which 
the "high port range" begins.

(In particular, I've seen Cisco's firewall feature set fail to log outbound 
UDP packets which cause incoming UDP packets to come from the same machine 
with two IP addresses...again, a time server situation...someone was 
serving up time on one IP but sending the packets back with another IP 


At 12:52 PM 9/29/2002, you wrote:
> >    I'm new to the list, and just joined out of curiosity because  I 
> keep getting 'pinged', some I've trace on Neo Trace.  This one 
> was  strange because it couldn't find who it was.  Any ideas/help?   This 
> was the number  UDP Port 1026   Thanks!   Karen
>Local DNS:
>OrgName:    PaeTec Communications, Inc.
>OrgID:      PAET NetRange: -
>NetHandle:  NET-64-80-0-0-1
>Parent:     NET-64-0-0-0-0
>NetType:    Direct Allocation
>NameServer: NS1.PAETEC.NET
>NameServer: NS2.PAETEC.NET
>NameServer: NS3.PAETEC.NET
>RegDate:    2000-04-27
>Updated:    2002-06-18 TechHandle: IP43-ARIN
>TechName:   PaeTec Communications, Inc.
>TechPhone:  +1-585-340-2751
>TechEmail:  ipadmin at paetec.com OrgTechHandle: IP43-ARIN
>OrgTechName:   PaeTec Communications, Inc.
>OrgTechPhone:  +1-585-340-2751
>OrgTechEmail:  ipadmin at paetec.com
>Dshield mailing list
>Dshield at dshield.org
>To change your subscription options (or unsubscribe), see: 

More information about the list mailing list