[52261] in North American Network Operators' Group


Re: worm changes port

daemon@ATHENA.MIT.EDU (fingers)
Sun Sep 22 21:38:10 2002

Date: Mon, 23 Sep 2002 03:37:38 +0200 (SAST)
From: fingers <fingers@fingers.co.za>
To: Mike Harrison <meuon@highertech.net>
Cc: jnull <jnelson@jnull.rackspace.com>,
	"nanog@merit.edu" <nanog@merit.edu>
In-Reply-To: <Pine.LNX.4.33.0209222138030.5609-100000@mikey.highertech.net>
Errors-To: owner-nanog-outgoing@merit.edu


> > Curious to see how many saw the worm 2002 traffic change to UDP port
> > 4156 at about 5PM Sat.
>
> It hit hard here this Sunday afternoon. Found 3 servers that helped in the
> DDOS going on.. what fun.

By DDoS, are you talking about actual attack traffic, or just traffic from
other infected hosts, to your 3, on UDP port 4156? I was of the
understanding that the 4156 traffic is just "bot speak" between the
infected hosts, and not actual attack traffic?

Regards

--Rob

