El vie, 24 de 09 de 2004 a las 17:53, Askar escribiÃ: > hi all > can someone tell me what type of traffic is this.... > #tcpdump -n port not 22 -c 100 and -t host xxx.xx.xx.xx > > xx.xx.xxx.xx.28332 > 217.165.224.42.32706: udp 36 > xxx.xx.xxx.xx.28332 > 217.165.224.42.32706: udp 36 > xxx.xx.xxx.xx.28332 > 217.165.224.42.32706: udp 36 > xxx.xx.xxx.xx.28332 > 217.165.224.42.32706: udp 36 > xxx.xx.xxx.xx.28332 > 217.165.224.42.32706: udp 36 > xxx.xx.xxx.xx.28332 > 217.165.224.42.32706: udp 36 > xxx.xx.xxx.xx.28332 > 217.165.224.42.32706: udp 36 > xxx.xx.xxx.xx.28332 > 217.165.224.42.32706: udp 36 > xxx.xx.xxx.xx.28332 > 217.165.224.42.32706: udp 36 > xxx.xx.xxx.xx.28332 > 217.165.224.42.32706: udp 36 > xxx.xx.xxx.xx.28332 > 217.165.224.42.32706: udp 36 > xxx.xx.xxx.xx.28332 > 217.165.224.42.32706: udp 36 > xxx.xx.xxx.xx.28332 > 217.165.224.42.32706: udp 36 > > xxx... is our client IP we are getting lot of like these.. days with > different source ip each time. > regards Port 36 is unnasigned, so it maybe it's a worm or any kind of attack. You could stop it in your firewall with no problem. -- Jose Maria Lopez Hernandez Director Tecnico de bgSEC jkerouac@xxxxxxxxx bgSEC Seguridad y Consultoria de Sistemas Informaticos http://www.bgsec.com ESPAÃA The only people for me are the mad ones -- the ones who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the ones who never yawn or say a commonplace thing, but burn, burn, burn like fabulous yellow Roman candles. -- Jack Kerouac, "On the Road"
