Check the hostname of these IP addresses. They could be DNS replies, using random ports for source/destinations. Squid can generate tons of DNS traffic. >>> Bal Krishna Adhikari <balkrishna@xxxxxxxxxxxxx> 6/3/2011 6:13 AM >>> Hello, I found a lot of UDP connections that is coming to my proxy servers. I don't find the cause of such one-way traffics to my servers. The sample UDP traffic is as :- 14:00:07.506612 IP 41.209.69.146.10027 > x.x.x.x.65453: UDP, length 30 14:00:07.518118 IP 121.218.37.254.41597 > x.x.x.x.64338: UDP, length 30 14:00:07.572559 IP 85.224.143.193.29978 > x.x.x.x.62782: UDP, length 30 14:00:07.596554 IP 183.87.200.42.36895 > x.x.x.x.15786: UDP, length 30 14:00:07.642820 IP 180.215.37.96.49977 > x.x.x.x.49458: UDP, length 30 14:00:07.653055 IP 117.195.138.64.24314 > x.x.x.x.44985: UDP, length 33 14:00:07.739963 IP 82.31.238.101.50534 > x.x.x.x.52750: UDP, length 30 14:00:07.783452 IP 86.83.107.196.41870 > x.x.x.x.62782: UDP, length 30 14:00:07.809677 IP 94.246.23.15.59003 > x.x.x.x.27462: UDP, length 30 14:00:07.837415 IP 75.156.164.147.49398 > x.x.x.x.34847: UDP, length 30 14:00:07.841668 IP 82.8.212.242.25931 > x.x.x.x.24869: UDP, length 30 14:00:07.841697 IP 89.136.112.99.42182 > x.x.x.x.52750: UDP, length 30 14:00:07.854215 IP 99.191.156.208.18162 > x.x.x.x.64338: UDP, length 30 14:00:07.885386 IP 88.147.72.252.60224 > x.x.x.x.19151: UDP, length 30 14:00:07.960841 IP 68.169.185.192.63480 > x.x.x.x.58638: UDP, length 30 14:00:08.071763 IP 79.113.242.42.31998 > x.x.x.x.33995: UDP, length 30 14:00:08.078260 IP 94.202.49.109.61957 > x.x.x.x.26071: UDP, length 67 14:00:08.101495 IP 82.169.68.179.19605 > x.x.x.x.45682: UDP, length 30 14:00:08.113238 IP 86.99.42.7.15086 > x.x.x.x.11706: UDP, length 67 14:00:08.127979 IP 62.195.70.253.45266 > x.x.x.x.37050: UDP, length 30 14:00:08.163992 IP 2.82.207.195.38343 > x.x.x.x.26680: UDP, length 30 14:00:08.183453 IP 68.81.206.57.25923 > x.x.x.x.18378: UDP, length 30 14:00:08.237689 IP 108.120.241.254.47249 > x.x.x.x.39433: UDP, length 30 14:00:08.256906 IP 99.161.157.254.41719 > x.x.x.x.26680: UDP, length 30 14:00:08.291885 IP 121.136.175.247.12577 > x.x.x.x.16485: UDP, length 67 14:00:08.315427 IP 121.144.158.120.30845 > x.x.x.x.61415: UDP, length 30 14:00:08.317404 IP 115.117.219.18.25817 > x.x.x.x.59936: UDP, length 30 Anyone has any idea if the traffic is genuine or some kind of attack ? x.x.x.x is my proxy server. --- Bal Krishna Travel Impressions made the following annotations ------------------------------------------------------------- "This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank you."
