
Re: [LUG] reaction to botnet attack?

 

Adrian Midgley wrote:
>
> I'm assuming this is an attack from a botnet.

Depending on the scale of it, I'd assume that was normal Microsoft
background noise on the Internet.

UDP 1434 on the net is usually MS SQL server infected with slammer. So
one could notify the senders, as they may have infected machines. Then
again if they still have Slammer at this point, they presumably aren't
very important machines, or the admins are clueless....

137-139 is usually just NetBIOS noise.

If you've installed MS SQL server recently, or something that looks like
it - i.e. listens on similar ports - that might explain a sudden change
in traffic to these ports.

> What might one do about that, preferably something automatable, and
> intended to cause inconvenience to the attacker.

If it is a lot of traffic drop the traffic matching ports 137-139 and
1434 as early as possible.

I don't think it is a deliberate action; there are noticeable gaps
between the packets, and you're still managing to send email.


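[Added example, not part of the message above or the poster's own setup: a small POSIX shell script that turns the advice in the reply into something automatable. It classifies firewall log hits against the ports discussed (UDP 1434 for Slammer probes, 137-139 for NetBIOS noise), lists the source addresses of the Slammer probes so their owners could be notified, and prints iptables rules that drop the traffic in the raw PREROUTING table, i.e. before connection tracking, which is about as early as a Linux host can discard it. The log lines are constructed in iptables LOG target style; the interface name eth0 and the addresses are assumptions.]

```shell
#!/bin/sh
# Added example for the thread above; not the poster's code.
# Classify inbound hits on the ports discussed, list Slammer sources,
# and emit early-drop iptables rules.

# Map a protocol/port pair to the labels used in the reply.
classify_port() {
    proto="$1"; port="$2"
    case "$proto:$port" in
        udp:1434)                      echo "slammer-probe" ;;  # MS SQL monitor port, Slammer
        udp:137|udp:138|udp:139|tcp:139) echo "netbios-noise" ;; # NetBIOS name/datagram/session
        *)                             echo "other" ;;
    esac
}

# Pull PROTO= and DPT= out of an iptables-LOG-style line (lower-cased proto).
extract_field() {  # $1 = field name, $2 = log line
    printf '%s\n' "$2" | sed -n "s/.*$1=\([A-Za-z0-9.]*\).*/\1/p" | tr 'A-Z' 'a-z'
}

# Count log lines (stdin) whose classification matches $1.
count_class() {
    n=0
    while IFS= read -r line; do
        proto=$(extract_field PROTO "$line")
        port=$(extract_field DPT "$line")
        if [ "$(classify_port "$proto" "$port")" = "$1" ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Unique source addresses (stdin) for class $1, e.g. the hosts to notify
# about a Slammer infection.
class_sources() {
    while IFS= read -r line; do
        proto=$(extract_field PROTO "$line")
        port=$(extract_field DPT "$line")
        if [ "$(classify_port "$proto" "$port")" = "$1" ]; then
            extract_field SRC "$line"
        fi
    done | sort -u
}

# Print (do not apply) rules dropping the noise as early as possible:
# the raw table's PREROUTING chain runs before conntrack sees the packet.
drop_rules() {  # $1 = inbound interface (assumed)
    printf 'iptables -t raw -A PREROUTING -i %s -p udp --dport 1434 -j DROP\n' "$1"
    printf 'iptables -t raw -A PREROUTING -i %s -p udp --dport 137:139 -j DROP\n' "$1"
    printf 'iptables -t raw -A PREROUTING -i %s -p tcp --dport 137:139 -j DROP\n' "$1"
}

# Constructed sample log (iptables LOG target format, addresses from
# documentation ranges). Not real traffic.
SAMPLE_LOG='Jun 12 03:14:07 fw kernel: IN=eth0 SRC=198.51.100.23 DST=203.0.113.5 PROTO=UDP SPT=1041 DPT=1434
Jun 12 03:14:09 fw kernel: IN=eth0 SRC=198.51.100.77 DST=203.0.113.5 PROTO=UDP SPT=137 DPT=137
Jun 12 03:14:11 fw kernel: IN=eth0 SRC=192.0.2.200 DST=203.0.113.5 PROTO=TCP SPT=51512 DPT=22
Jun 12 03:14:15 fw kernel: IN=eth0 SRC=198.51.100.23 DST=203.0.113.5 PROTO=UDP SPT=1041 DPT=1434
Jun 12 03:14:20 fw kernel: IN=eth0 SRC=198.51.100.90 DST=203.0.113.5 PROTO=UDP SPT=138 DPT=138'

# Stand-alone usage: summarise the sample and show the rules.
for c in slammer-probe netbios-noise other; do
    printf '%-14s %s\n' "$c" "$(printf '%s\n' "$SAMPLE_LOG" | count_class "$c")"
done
echo "Slammer sources to notify:"
printf '%s\n' "$SAMPLE_LOG" | class_sources slammer-probe
echo "Rules:"
drop_rules eth0
```

To use it against a real box, feed `grep 'IN=eth0' /var/log/kern.log` into `count_class` or `class_sources` instead of the constructed sample, and pipe `drop_rules eth0` into `sh` only once you are happy with what it prints. Dropping rather than rejecting is deliberate: a REJECT would answer every stray packet with ICMP, which costs the sender nothing and costs you bandwidth.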

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html