[Dshield] Many Hits on Port 26809

stu secmail at patchsupplier.dyndns.org
Tue Aug 30 22:37:26 GMT 2005


Do you have a network or is this a standalone box?

What software have you run today?

Check netstat see if your box is ready to receive date on UDP 26809
(netstat -an) if so use netstat -ano to get the PID and netstat -anb to
get the executable name that opened the port and track it down from
there. 

If that fails you could allow it through and packet capture it, see if
you can make sense of the payload. At least if you allow it the system
will send back a port unreachable and hopefully the remote address will
forget you.

Stu

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Rick Friedman
Sent: 30 August 2005 23:11
To: list at lists.dshield.org
Subject: Re: [Dshield] Many Hits on Port 26809

On Tue, 2005-08-30 at 17:04 -0400, Richard Golodner wrote:
> We are not seeing any traffic to 26809. Your old IP address must have
been
> offering something tasty....
> Richard

Except that, while my IP address IS assigned dynamically, I've had this
IP address for 3 days now. Everything was quiet until earlier this
afternoon. Suddenly, I'm inundated with all these hits on port 26809.

Rick
-- 
Rick's Law: What cannot be imagined will be accomplished by a fool.


_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list



More information about the list mailing list