[Dshield] Bizarre Activity Spurt...
security at admin.fulgan.com
Fri Oct 14 08:13:12 GMT 2005
This looks like messenger spam. Without the capture it's hard to say,
of course, but the target protocol and port are right.
RN> Most odd. Never seen this before...
RN> I just had 232 hits on ports 1025 and 1026, all udp, in 42 seconds. All had
RN> the source port of 7568. All but the first IP listed hit 8 times, port 1025
RN> then 1026, in a one-second burst each. One IP hit 8 times, then the next IP
RN> hit 8 times... Each 1025-1026 pair was at the same time, the next pair from
RN> that IP was 12-15 ms later.
More information about the list