Incidents
Re: Port 1234 UDP traffic increase? Dec 14 2007 06:43PM
Dude VanWinkle (dudevanwinkle gmail com) (1 replies)
On Dec 14, 2007 12:05 PM, Bob Holowenko <holowenko (at) gmail (dot) com [email concealed]> wrote:
> Personally I do not think we have to worry about traffic from doubleclick.
> They were bought out by Google last spring I believe. As for traffic on port
> 1234 I have not seen any increase in it. I will however be setting up some
> packet sniffing on my network edge to see if I can get more information
> about what is being carried in those packets.
>
> Anyone have any wireshark caps already?

OK, I figured this one out with a little help from wireshark and the
machines receiving the traffic. Apparently 1234/UDP is used for a
proprietary Video Streaming application.

I think what I will take away from this is that while the last time I
was watching this much traffic, viruses were noisy and big. Today, the
ones to worry about are DDoS (80, 53, 433, 8080, etc.) and quiet C&C
channels. I guess the days of massive floods related to
malware/viruses/worms are long gone.

Once again, sorry for the noise. I will try and do some more legwork
before hitting up the list :-)

-JP

Re: Port 1234 UDP traffic increase? Dec 20 2007 03:29PM
Steve Barnet (barnet icecube wisc edu)


 
