[Dshield] Sudden Massive increase in DPT=137

Tony Earnshaw tonye at billy.demon.nl
Thu Mar 25 19:21:14 GMT 2004


Thu, 25.03.2004 at 15:47, Lauro, John wrote:

> Is there a new virus/worm?
>  
> I've just seen a massive increase in traffic SPT=137, DPT=137,
> prot=UDP starting around 8AM.
>  
> We are blocking an extra 8 million packets an hour right now (varies,
> but probably about 5X normal), and it's been going on for almost two
> hours now.  
>  
> A fair amount of sources.  About 500 in a 1 minute sample, but also
> lots of packets from each source...  I'll hold onto a one minute
> sample and compare later to see if it's the same or different
> sources....

It wouldn't ever hurt to learn what software/hardware "discovered" this.
For my part I'm not experiencing this, but can't compare :( I'm running
iptables on kernel 2.6.4 (Linux, of course) and am only connected
sporadically to the Internet.

--Tonni

-- 

mail: billy - at - billy.demon.nl
http://www.billy.demon.nl
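
Added example, not part of the original message or of any poster's code: one way to do the comparison John describes, counting packets per source for UDP SPT=137/DPT=137 in two one-minute samples and reporting which sources persist. It assumes the samples are iptables LOG-target lines; the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Matches the SRC/PROTO/SPT/DPT fields of an iptables LOG-target line.
LOG_RE = re.compile(
    r"SRC=(?P<src>\S+) .*?PROTO=(?P<proto>\S+) SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)")

def netbios_sources(lines):
    """Count packets per source for UDP SPT=137 -> DPT=137 in one sample."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.search(line)
        if m and m["proto"] == "UDP" and m["spt"] == "137" and m["dpt"] == "137":
            counts[m["src"]] += 1
    return counts

def compare_samples(earlier, later):
    """Summarise how much the source sets of two samples overlap."""
    a, b = set(earlier), set(later)
    union = a | b
    return {
        "persisting": sorted(a & b),   # seen in both samples
        "new": sorted(b - a),          # only in the later sample
        "gone": sorted(a - b),         # only in the earlier sample
        "jaccard": len(a & b) / len(union) if union else 0.0,
    }

# Constructed sample lines (documentation address ranges), not real capture data.
def _line(src, proto="UDP", spt=137, dpt=137):
    return (f"Mar 25 08:01:02 fw kernel: IN=eth0 OUT= SRC={src} DST=192.0.2.1 "
            f"LEN=78 TTL=113 PROTO={proto} SPT={spt} DPT={dpt} LEN=58")

SAMPLE_0800 = [_line("198.51.100.7"), _line("198.51.100.7"), _line("203.0.113.9"),
               _line("203.0.113.50", proto="TCP", dpt=445)]  # ignored: not UDP/137
SAMPLE_1000 = [_line("198.51.100.7"), _line("203.0.113.77"), _line("203.0.113.77"),
               _line("203.0.113.9", spt=1026)]  # ignored: SPT is not 137

if __name__ == "__main__":
    first, second = netbios_sources(SAMPLE_0800), netbios_sources(SAMPLE_1000)
    print("top talkers:", second.most_common(3))
    print(compare_samples(first, second))
```

A low overlap with many new sources points at spreading or scanning activity from many hosts; a high overlap with rising per-source counts points at a fixed set of noisy hosts.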



