Strange network traffic but I don't know how to track it

  1. #1
    Member bradlesliect's Avatar
    Join Date
    Apr 2006
    Location
    CT - SA
    Posts
    74

    Strange network traffic but I don't know how to track it

    Hi,

    I am getting logs from my router (Netgear) but I don't know what this is or which machine on the network is generating this. Can anyone help me?

    UDP Packet - Source:65.255.54.196,58369 Destination:A.B.C.D,27515 - [DOS]
    UDP Packet - Source:90.227.16.233,63327 Destination:A.B.C.D,27515 - [DOS]

    A.B.C.D = my router ptp address. I run NAT on the network. I have about 10 workstations and I don't want to search each and every one for spyware, torrent server, virus.

    Any help?

    Thanks
    .....I rather not say....

  2. #2
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    I get this type of UDP traffic when users are using a p2p client (torrent, Skype etc.) and/or streaming video.

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  3. #3
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,191
    Weird?

    The first IP is Cable & Wireless - Turks & Caicos Islands and the second is Telia Sonera AB - Sweden.

    SANS suggests those ports might be being used by a new Twitter worm.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  4. #4
    Member
    Join Date
    May 2003
    Location
    Somewhere in Texas
    Posts
    76
    Note on morganlefay's comment: Do you allow p2p?

    If someone installed a p2p or sharing client, it will go out on port 80 (usually) and advertise itself as participating on the network. Others will try and connect to them, initiating a connection that gets blocked inbound -- looking like a DoS attack. It'll usually look like a ton of attempts from all over the place (like a small DDoS). That's what I've seen on occasion here...

  5. #5
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    No...we don't allow P2P...

    but we have a consultant that uses Skype at times and it behaves just like a p2p client with IPs coming in from all over....

    Router blocks it.....it creates a lot of logs.....and I am alerted right away when some little fooker starts up a p2p client

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer
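
Added example, not written by any poster in this thread: a small Python parser for the router log format quoted in post #1 that groups blocked packets by destination port and counts distinct remote sources, which is the "attempts from all over the place" pattern described in posts #2, #4 and #5. The two thread lines are real; the other sample lines (documentation-range addresses) and the `min_sources` threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Matches the router log line format quoted in post #1.
LINE_RE = re.compile(
    r"(?P<proto>UDP|TCP) Packet - Source:(?P<src>[\d.]+),(?P<sport>\d+)\s+"
    r"Destination:(?P<dst>[^,\s]+),(?P<dport>\d+) - \[(?P<tag>[^\]]+)\]"
)

# Constructed sample: the first two lines are from the thread, the rest
# are made up (documentation-range IPs) so the pattern is visible.
SAMPLE_LOG = """\
UDP Packet - Source:65.255.54.196,58369 Destination:A.B.C.D,27515 - [DOS]
UDP Packet - Source:90.227.16.233,63327 Destination:A.B.C.D,27515 - [DOS]
UDP Packet - Source:198.51.100.7,40112 Destination:A.B.C.D,27515 - [DOS]
UDP Packet - Source:203.0.113.20,51000 Destination:A.B.C.D,27515 - [DOS]
UDP Packet - Source:203.0.113.20,51000 Destination:A.B.C.D,27515 - [DOS]
UDP Packet - Source:192.0.2.99,1234 Destination:A.B.C.D,53 - [DOS]
garbage line that should be skipped
"""

def summarize(log_text):
    """Group logged packets by (protocol, destination port)."""
    stats = defaultdict(lambda: {"packets": 0, "sources": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # ignore lines in any other format
        key = (m["proto"], int(m["dport"]))
        stats[key]["packets"] += 1
        stats[key]["sources"].add(m["src"])
    return stats

def p2p_like_ports(log_text, min_sources=3):
    """Ports hit by at least min_sources distinct remote hosts.

    min_sources is an arbitrary illustrative threshold, not a standard value.
    Returns [((proto, port), distinct_sources, packets), ...], busiest first.
    """
    hits = [(key, len(v["sources"]), v["packets"])
            for key, v in summarize(log_text).items()
            if len(v["sources"]) >= min_sources]
    return sorted(hits, key=lambda h: -h[1])

if __name__ == "__main__":
    for (proto, port), nsrc, npkt in p2p_like_ports(SAMPLE_LOG):
        print(f"{proto}/{port}: {npkt} packets from {nsrc} distinct sources")
```

The log only ever shows the router's own address as the destination, so the port that stands out is the value to look for on the workstations.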
