UDP Port 28711
Posted on September 21, 2006, 11:17 am
background noise bouncing off the firewalls.
A new one we've just installed is getting hammered on UDP 28711. It
dropped 18000 packets yesterday. Here is a snippet of the log:
From 188.8.131.52 - 1 packet to udp(28711)
From 184.108.40.206 - 1 packet to udp(28711)
From 220.127.116.11 - 1 packet to udp(28711)
From 18.104.22.168 - 1 packet to udp(28711)
From 22.214.171.124 - 3 packets to udp(28711)
From 126.96.36.199 - 2 packets to udp(28711)
From 188.8.131.52 - 1 packet to udp(28711)
Any ideas what this could be? I can't find any known info for this
port. This is the only box we see this on.
Re: UDP Port 28711
Obviously, not enough information to say one way or another, but some things
to think about:
UDP is connectionless - what do you see in a sample packet?
28711 is Userland, and thus is available to anyone. A Google search
turns up nothing.
The seven hosts you list - six are academic, and only the last is some
/usr/sbin/tcpdump -n -s 1500 udp and not port 53 >> /tmp/udp.watch
and see what you have. This might pick up some windoze messenger spam
(UDP directed to ports 1025 - 1035). Be aware that most messenger spam is
using spoofed IP addresses (connectionless - they don't need you to respond
as the "message" is in that first packet, and no further "conversation" is
necessary). This might _ALSO_ be the case in your case. Pay attention to
the TTL and source port values.)
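
An added example, not part of either post: one way to act on the advice about TTL and source port values is to summarise them per source from a verbose capture. It assumes tcpdump was run with `-n -v` so the TTL is printed; the sample capture, its addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -n -v udp` output; addresses are documentation ranges.
SAMPLE = """\
11:17:02.100001 IP (tos 0x0, ttl 113, id 4321, offset 0, flags [none], proto UDP (17), length 58)
    192.0.2.10.40312 > 198.51.100.5.28711: UDP, length 30
11:17:02.350220 IP (tos 0x0, ttl 113, id 4322, offset 0, flags [none], proto UDP (17), length 58)
    203.0.113.77.40312 > 198.51.100.5.28711: UDP, length 30
11:17:03.011873 IP (tos 0x0, ttl 113, id 4323, offset 0, flags [none], proto UDP (17), length 58)
    203.0.113.77.40312 > 198.51.100.5.28711: UDP, length 30
11:17:03.512004 IP (tos 0x0, ttl 47, id 977, offset 0, flags [none], proto UDP (17), length 420)
    192.0.2.33.1050 > 198.51.100.5.1026: UDP, length 392
11:17:04.200450 IP (tos 0x0, ttl 113, id 4324, offset 0, flags [none], proto UDP (17), length 58)
    192.0.2.200.40312 > 198.51.100.5.28711: UDP, length 30
"""

HEADER = re.compile(r"^\S+ IP \(.*?\bttl (\d+),")
FLOW = re.compile(r"^\s+((?:\d+\.){3}\d+)\.(\d+) > ((?:\d+\.){3}\d+)\.(\d+): UDP")

def summarise(text, dport=28711):
    """Per-source packet count, TTLs and source ports for UDP packets sent to dport."""
    by_src = defaultdict(lambda: {"packets": 0, "ttls": set(), "sports": set()})
    ttl = None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            ttl = int(header.group(1))  # TTL sits on the IP header line
            continue
        flow = FLOW.match(line)
        if flow and ttl is not None and int(flow.group(4)) == dport:
            entry = by_src[flow.group(1)]
            entry["packets"] += 1
            entry["ttls"].add(ttl)
            entry["sports"].add(int(flow.group(2)))
        ttl = None  # never carry a TTL over to an unrelated line
    return dict(by_src)

def looks_uniform(summary):
    """Heuristic only: several sources that all share one TTL and one source port
    are consistent with a single sender forging addresses; it is not proof."""
    ttls = set().union(*(e["ttls"] for e in summary.values()))
    sports = set().union(*(e["sports"] for e in summary.values()))
    return len(summary) > 1 and len(ttls) == 1 and len(sports) == 1

if __name__ == "__main__":
    for src, e in sorted(summarise(SAMPLE).items()):
        print(src, e["packets"], sorted(e["ttls"]), sorted(e["sports"]))
    print("uniform TTL/source port:", looks_uniform(summarise(SAMPLE)))
```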