[Dshield] Many Hits on Port 26809
secmail at patchsupplier.dyndns.org
Tue Aug 30 22:37:26 GMT 2005
Do you have a network or is this a standalone box?
What software have you run today?
Check netstat see if your box is ready to receive date on UDP 26809
(netstat -an) if so use netstat -ano to get the PID and netstat -anb to
get the executable name that opened the port and track it down from
If that fails you could allow it through and packet capture it, see if
you can make sense of the payload. At least if you allow it the system
will send back a port unreachable and hopefully the remote address will
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Rick Friedman
Sent: 30 August 2005 23:11
To: list at lists.dshield.org
Subject: Re: [Dshield] Many Hits on Port 26809
On Tue, 2005-08-30 at 17:04 -0400, Richard Golodner wrote:
> We are not seeing any traffic to 26809. Your old IP address must have
> offering something tasty....
Except that, while my IP address IS assigned dynamically, I've had this
IP address for 3 days now. Everything was quiet until earlier this
afternoon. Suddenly, I'm inundated with all these hits on port 26809.
Rick's Law: What cannot be imagined will be accomplished by a fool.
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see:
More information about the list