[Dshield] Port 16 traffic

jmulkerin jmulkerin at comcast.net
Fri Dec 23 15:25:59 GMT 2005


We're just getting hammered with fragmented traffic to port 16 on a 
DNS/SMTP server.  It's always 1 packet.  Normally he/she sends two 
packets and changes IPs, then two more, then changes IP, etc.  Here is a 
snippet:

[Root]system-critical-00440: Fragmented traffic! From 
216.234.234.34:20864 to DNSSERVER:16, proto UDP (zone Untrust, int 
ethernet1). Occurred 1 times. (2005-12-23 07:18:39)

We have nothing running on port 16 and haven't found any covert channels 
running on port 16.

Comments?

John Mulkerin

