[55224] in North American Network Operators' Group
Re: 1434 traffic
daemon@ATHENA.MIT.EDU (Scott Weeks)
Sat Jan 25 20:38:22 2003
Date: Sat, 25 Jan 2003 14:27:04 -1000 (HST)
From: Scott Weeks <surfer@mauigateway.com>
To: Johannes Ullrich <jullrich@euclidian.com>
Cc: nanog@merit.edu
In-Reply-To: <20030125153149.52f7b689.jullrich@euclidian.com>
Errors-To: owner-nanog-outgoing@merit.edu
On Sat, 25 Jan 2003, Johannes Ullrich wrote:
:
:
: > What I'm seeing from on my personal network connections is a lot of
: > traffic to udp port 1434 start at 05:30:08 UTC.
:
: I did some graphing of reports we got to DShield/ISC up to 9am EST.
: http://isc.sans.org/port1434start.gif
:
: The part that amazes me is the speed. It saturated within 1 minute!
Maybe they read "How to Own the Internet in Your Spare Time?" :-)
scott
: Does anybody else see the oscillations in traffic? I remember seeing
: something similar in netflow data for slapper (2002 udp). Or is this
: just an artifact of our particular dataset?
:
: So far, we got about 80,000 sources (distinct IPs sending port 1434
: packets)
:
:
:
: --
: --------------------------------------------------------------------
: jullrich@euclidian.com Collaborative Intrusion Detection
: join http://www.dshield.org
:
