|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical High volumes of UDP traffic
A heads-up Since yesterday afternoon we saw a large increase in offsite traffic circa 80,000pps directed at host deals.in.crackcocaine.us 17:02:52.527762 148.88.156.86.2571 > 69.50.162.82.7854: udp 1 17:02:52.527876 148.88.156.86.2571 > 69.50.162.82.3002: udp 1 17:02:52.527877 148.88.156.86.2571 > 69.50.162.82.37525: udp 1 17:02:52.527996 148.88.156.86.2571 > 69.50.162.82.6170: udp 1 17:02:52.527997 148.88.156.86.2571 > 69.50.162.82.39709: udp 1 17:02:52.528113 148.88.156.86.2571 > 69.50.162.82.9818: udp 1 17:02:52.528114 148.88.156.86.2571 > 69.50.162.82.57395: udp 1 17:02:52.528115 148.88.156.86.2571 > 69.50.162.82.18194: udp 1 17:02:52.528230 148.88.156.86.2571 > 69.50.162.82.55981: udp 1 17:02:52.528231 148.88.156.86.2571 > 69.50.162.82.42256: udp 1 17:02:52.528350 148.88.156.86.2571 > 69.50.162.82.41441: udp 1 These seem to be from various windows boxen on our network, due to our campus being locked down we've not been able to examine closely the machines and find out exactly what's going on, we've just disconnected them as an interim measure. Anyone else seen similar strangeness? Is it coincidence or is it another l33t haxor trying the old "no one's working on new years eve"?? Anyway a happy new year to all - I'm off to enjoy the party... Ian -- Ian Anderson Network Support Lancaster University, Lancaster, LA1 4YW t: 01524 593019 ~ ip: 01524 510101 ~ f: 01524 844011 [email protected]
|