[Snort-users] udp/4156

Daniel Holden dholden at ...2819...
Tue Sep 24 08:16:02 EDT 2002


Sounds like the slapper-B or C virus that just came out.  Look for a
process called .unlock.  More info here
http://www.sophos.com/virusinfo/analyses/linuxslapperb.html

Colin Wu wrote:

> Hi Snorters,
>
> Has anyone seen, or know what traffic might be using udp/4156 as both
> source and destination? I had a look on the Internet Ports Database but
> found no reference to it. A host on my network seems to be receiving a
> lot of these from all over the planet. Not enough bandwidth usage to be
> noticable but snort picked up "bad frag bits" on some of the packets.
>
> --
>    __     _             _            Network Analyst
>   /  )   //            ' )   /       Computing & Information Services
>  /    __|/  o ____      / / / . .    McMaster University
> (__/ (_) \_<_/ / <_    (_(_/ (_/_    (905)525-9140 ext 24050
>                                     http://netman.McMaster.CA
> Only get into a life boat if you have to step UP to get into it.
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

--
Daniel L. Holden
dholden at ...2819...
http://www.idsb.net







More information about the Snort-users mailing list