[OT] UDP to port 1828 like crazy

Michael St. Laurent mikes at HARTWELLCORP.COM
Tue Mar 16 21:59:15 GMT 2004


shrek-m at gmx.de wrote:
>> I'm seeing tons of network activity all UDP traffic to port 1828.
>> Is this an indication of a virus?
>
> # lsof -Pi :1828
>
> # grep 1828 /etc/services /usr/share/nmap/nmap-services
>
> http://www.iana.org/assignments/port-numbers
>
> itm-mcell-u     1828/tcp    itm-mcell-u
> itm-mcell-u     1828/udp    itm-mcell-u

Yep, I got this far but could not figure out what software itm-mcell-u was
referring to...

> google ??
> trojan virus backdoor dos port udp 1828
>
> http://berkeley.intel-research.net/bnc/snortsensor/rules.html
> 1828 WEB-MISC iPlanet Search directory traversal attempt

But I didn't find the iPlanet stuff.

What is this?  It says WEB-MISC so I'm assuming that it's not virus related.
We're seeing about 200 packets per second on our network destined to
255.255.255.255 UDP Port 1828 each of which has a payload section of 256
bytes.

--
Michael St. Laurent
Hartwell Corporation
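
An added example, not part of the original thread: `lsof` only lists local sockets, while traffic sent to 255.255.255.255 reaches every host on the segment, so the sender has to be read from the source address in a capture. The sketch below tallies senders for one destination port from `tcpdump -nn -tt` text output; the function names and the sample capture lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): rank the hosts sending UDP to a
# given destination port, reading `tcpdump -nn -tt` text output on stdin.
# Typical use:
#   tcpdump -nn -tt -r capture.pcap udp dst port 1828 | top_senders 1828

# top_senders PORT
# Prints one line per source IP, busiest first:
#   <src_ip> <packets> <packets_per_second> <payload_bytes>
top_senders() {
    awk -v port="$1" '
    $2 == "IP" && $4 == ">" && $6 == "UDP," {
        dst = $5; sub(/:$/, "", dst)           # strip trailing colon
        n = split(dst, d, ".")
        if (n != 5 || d[5] != port) next       # four octets + port
        split($3, s, ".")
        src = s[1] "." s[2] "." s[3] "." s[4]  # drop the source port
        if (!(src in count)) first[src] = $1
        last[src] = $1; count[src]++; bytes[src] += $NF
    }
    END {
        for (src in count) {
            span = last[src] - first[src]
            # rate over the observed interval; 0 if only one packet was seen
            rate = (span > 0) ? (count[src] - 1) / span : 0
            printf "%s %d %.1f %d\n", src, count[src], rate, bytes[src]
        }
    }' | sort -k2,2nr
}

# Constructed sample capture: one host broadcasting every 5 ms, one stray
# packet from a second host, and one unrelated datagram.
sample_capture() {
    cat <<'EOF'
1079474355.000000 IP 192.168.1.45.1028 > 255.255.255.255.1828: UDP, length 256
1079474355.005000 IP 192.168.1.45.1028 > 255.255.255.255.1828: UDP, length 256
1079474355.007000 IP 192.168.1.20.4000 > 192.168.1.1.5000: UDP, length 32
1079474355.010000 IP 192.168.1.45.1028 > 255.255.255.255.1828: UDP, length 256
1079474355.012000 IP 192.168.1.10.1040 > 255.255.255.255.1828: UDP, length 256
1079474355.015000 IP 192.168.1.45.1028 > 255.255.255.255.1828: UDP, length 256
1079474355.020000 IP 192.168.1.45.1028 > 255.255.255.255.1828: UDP, length 256
EOF
}
```

A single source near the top of the list with a steady rate points at one machine to inspect with `lsof -Pi :1828` locally.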


