On Sat, 2006-04-08 at 02:18 +0000, [EMAIL PROTECTED] wrote:
> Having read about the DoD IP issues in here, I thought I might add my 0.02:
>
> My router logs from the 28-03-2006 show a very strange sequence of port
> attempts.
>
> Tue, 2006-03-28 05:20:52 - UDP Packet - Source:7.12.12.16,13364
> Destination:xx.xx.xx.xx,1035 - [DOS]
> Tue, 2006-03-28 11:22:41 - UDP Packet - Source:7.12.12.16,13364
> Destination:xx.xx.xx.xx,1033 - [DOS]
> Tue, 2006-03-28 11:22:41 - UDP Packet - Source:7.12.12.16,13364
> Destination:xx.xx.xx.xx,1035 - [DOS]
> Tue, 2006-03-28 17:25:53 - UDP Packet - Source:7.12.12.16,13364
> Destination:xx.xx.xx.xx,1033 - [DOS]
> [...]

These look like MS messenger pop-up spam (starting at port 1025 and now going into the mid/high-30s). The source address is likely spoofed. If you take a look at these packets with ngrep or tcpdump, I'm sure you'll find either advertising or a message saying your computer is infected and you need to visit a certain web site.

I doubt the source is real, and wouldn't worry about it. That's the stuff firewalls are supposed to filter :)

Cheers,
Frank

-- 
It is said that the Internet is a public utility. As such, it is best compared to a sewer. A big, fat pipe with a bunch of crap sloshing against your ports.
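One way to triage router log entries like those quoted in this thread, as an added example that is not part of the original messages: it parses the log format shown above and groups UDP hits on an assumed Messenger pop-up port window (1025-1039, read from the reply's "mid/high-30s") by source address. The function names, the port window and the last two sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed port window for Messenger pop-up spam, read from the reply's
# "starting at port 1025 ... mid/high-30s"; adjust to what your logs show.
MESSENGER_PORTS = range(1025, 1040)

LINE_RE = re.compile(
    r"^\w{3}, (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) - "
    r"(?P<proto>\w+) Packet - Source:(?P<src>[^,\s]+),(?P<sport>\d+)\s+"
    r"Destination:(?P<dst>[^,\s]+),(?P<dport>\d+) - \[(?P<tag>[^\]]*)\]$"
)

def parse_line(line):
    """Return the fields of one router log entry, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def summarize_messenger_probes(lines):
    """Group UDP hits on the assumed Messenger port window by source address."""
    summary = defaultdict(lambda: {"count": 0, "ports": set(), "src_ports": set()})
    for line in lines:
        rec = parse_line(line)
        if rec and rec["proto"] == "UDP" and rec["dport"] in MESSENGER_PORTS:
            s = summary[rec["src"]]
            s["count"] += 1
            s["ports"].add(rec["dport"])
            s["src_ports"].add(rec["sport"])
    return dict(summary)

# Sample input: the four entries quoted in the thread, rejoined onto one line
# each, plus two constructed entries (last two) that must not be counted.
SAMPLE_LOG = """\
Tue, 2006-03-28 05:20:52 - UDP Packet - Source:7.12.12.16,13364 Destination:xx.xx.xx.xx,1035 - [DOS]
Tue, 2006-03-28 11:22:41 - UDP Packet - Source:7.12.12.16,13364 Destination:xx.xx.xx.xx,1033 - [DOS]
Tue, 2006-03-28 11:22:41 - UDP Packet - Source:7.12.12.16,13364 Destination:xx.xx.xx.xx,1035 - [DOS]
Tue, 2006-03-28 17:25:53 - UDP Packet - Source:7.12.12.16,13364 Destination:xx.xx.xx.xx,1033 - [DOS]
Tue, 2006-03-28 18:02:10 - TCP Packet - Source:198.51.100.7,40211 Destination:xx.xx.xx.xx,80 - [DOS]
Tue, 2006-03-28 18:05:44 - UDP Packet - Source:198.51.100.7,5353 Destination:xx.xx.xx.xx,53 - [DOS]
""".splitlines()

if __name__ == "__main__":
    for src, s in summarize_messenger_probes(SAMPLE_LOG).items():
        print(f"{src}: {s['count']} UDP hits, dst ports {sorted(s['ports'])}, "
              f"src ports {sorted(s['src_ports'])}")
```

Since the reply notes the source address is likely spoofed, the per-source grouping is for recognizing the pattern, not for attribution.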
