[66177] in North American Network Operators' Group
High volumes of UDP traffic
daemon@ATHENA.MIT.EDU (Anderson, Ian)
Wed Dec 31 12:31:27 2003
Date: Wed, 31 Dec 2003 17:30:48 -0000
From: "Anderson, Ian" <i.anderson@lancaster.ac.uk>
To: <nanog@merit.edu>
Errors-To: owner-nanog-outgoing@merit.edu
A heads-up
Since yesterday afternoon we saw a large increase in offsite traffic
circa 80,000pps directed at host deals.in.crackcocaine.us
17:02:52.527762 148.88.156.86.2571 > 69.50.162.82.7854: udp 1
17:02:52.527876 148.88.156.86.2571 > 69.50.162.82.3002: udp 1
17:02:52.527877 148.88.156.86.2571 > 69.50.162.82.37525: udp 1
17:02:52.527996 148.88.156.86.2571 > 69.50.162.82.6170: udp 1
17:02:52.527997 148.88.156.86.2571 > 69.50.162.82.39709: udp 1
17:02:52.528113 148.88.156.86.2571 > 69.50.162.82.9818: udp 1
17:02:52.528114 148.88.156.86.2571 > 69.50.162.82.57395: udp 1
17:02:52.528115 148.88.156.86.2571 > 69.50.162.82.18194: udp 1
17:02:52.528230 148.88.156.86.2571 > 69.50.162.82.55981: udp 1
17:02:52.528231 148.88.156.86.2571 > 69.50.162.82.42256: udp 1
17:02:52.528350 148.88.156.86.2571 > 69.50.162.82.41441: udp 1
These seem to be from various Windows boxen on our network, due to our
campus being locked down we've not been able to examine closely the
machines and find out exactly what's going on, we've just disconnected
them as an interim measure.
Anyone else seen similar strangeness? Is it coincidence or is it
another l33t haxor trying the old "no one's working on New Year's Eve"??
Anyway a happy new year to all - I'm off to enjoy the party...
Ian
-- 
Ian Anderson
Network Support
Lancaster University, Lancaster, LA1 4YW
t: 01524 593019 ~ ip: 01524 510101 ~ f: 01524 844011
i.anderson@lancs.ac.uk
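
Added example (not part of the original message): one way to pick this pattern out of a capture is to flag any source sending tiny UDP datagrams to many distinct ports on a single destination. The sample lines are constructed with documentation addresses in the same tcpdump format as above, and the thresholds min_ports and max_len are assumptions to tune per network.

```python
import re
from collections import defaultdict

# Old-style tcpdump line: "HH:MM:SS.usec src.sport > dst.dport: udp LEN"
LINE = re.compile(
    r"^(\d{2}):(\d{2}):(\d{2})\.(\d{6}) "
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): udp (\d+)$"
)

# Constructed sample capture (RFC 5737 documentation addresses).
SAMPLE = """\
17:02:52.527000 192.0.2.10.2571 > 198.51.100.7.7854: udp 1
17:02:52.527200 192.0.2.10.2571 > 198.51.100.7.3002: udp 1
17:02:52.527400 192.0.2.10.2571 > 198.51.100.7.37525: udp 1
17:02:52.527600 192.0.2.10.2571 > 198.51.100.7.6170: udp 1
17:02:52.527800 192.0.2.10.2571 > 198.51.100.7.39709: udp 1
17:02:52.528000 192.0.2.10.2571 > 198.51.100.7.9818: udp 1
17:02:52.600000 192.0.2.20.1025 > 198.51.100.53.53: udp 31
17:02:52.700000 192.0.2.20.1025 > 198.51.100.53.53: udp 1
""".splitlines()

def parse(line):
    """Return (time_in_usec, src, dst, dport, length) or None if no match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    h, mi, s, us, src, _sport, dst, dport, length = m.groups()
    usec = (int(h) * 3600 + int(mi) * 60 + int(s)) * 1_000_000 + int(us)
    return usec, src, dst, int(dport), int(length)

def flag_udp_spray(lines, min_ports=5, max_len=1):
    """Flag (src, dst) pairs sending tiny datagrams to many distinct ports."""
    seen = defaultdict(lambda: {"ports": set(), "times": []})
    for rec in filter(None, map(parse, lines)):
        usec, src, dst, dport, length = rec
        if length <= max_len:
            seen[(src, dst)]["ports"].add(dport)
            seen[(src, dst)]["times"].append(usec)
    flagged = {}
    for pair, st in seen.items():
        if len(st["ports"]) < min_ports:
            continue
        span = max(st["times"]) - min(st["times"])
        flagged[pair] = {
            "packets": len(st["times"]),
            "distinct_ports": len(st["ports"]),
            "approx_pps": len(st["times"]) * 1_000_000 // span if span else None,
        }
    return flagged
```

Running flag_udp_spray(SAMPLE) reports only the 192.0.2.10 host; the second host sends to a single port and stays below the threshold.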