Bandwidth usage on my pipe has gone through the roof, unusual since most
students are gone.
Appears to be UDP packets from a host (student registered IP) inside my
net to a host outside, with the UDP packets coming from various high
numbered ports in the 1024-3000 range to ports in the 1-100 range.
Each packet has what appears to be a small amount of "real" data and it
is then padded out to a full 1500 octets. No, actually, each UDP packet
is fragmented with the first fragment having a bit of data followed by
the padding out to 1500 octets, and the second fragment starts with the
exact same bit of data followed by padding out to 528 octets.
Does this sound familiar to anyone?
Portscan of the machine with OS fingerprinting turns up no match, which
strikes me as very strange. The scan for UDP ports is not yet complete.
--
Mark Drummond|ICQ#19153754|mailto:[EMAIL PROTECTED]
UNIX System Administrator|Royal Military College of Canada
The Kingston Linux Users Group|http://signals.rmc.ca/klug/
Saving the World ... One CPU at a Time
Please excuse me if I am terse. I answer dozens of emails every day.
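
A way to pick the traffic shape described in the message above out of a capture, as an added example that is not part of the original post: it pairs IPv4 fragments by source, destination and IP ID, then flags UDP datagrams from ports 1024-3000 to ports 1-100 whose later fragment starts with the same octets as the data in the first fragment. The function names, the 8-octet comparison length, the reading of 1500 and 528 as total IP lengths, and the sample packets (documentation addresses) are all assumptions made for the example.

```python
import struct
from collections import defaultdict

def parse_ipv4(pkt):
    """Fields needed to pair fragments (MF flag, offset in octets); None if not IPv4."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    total_len, ident, flags_off = struct.unpack("!HHH", pkt[2:8])
    return {"key": (pkt[12:16], pkt[16:20], ident), "proto": pkt[9],
            "more": bool(flags_off & 0x2000), "offset": (flags_off & 0x1FFF) * 8,
            "payload": pkt[ihl:total_len]}

def find_repeated_prefix_datagrams(packets, prefix_len=8):
    """Return (src, dst, ip_id, sport, dport) for fragmented UDP datagrams whose
    later fragment repeats the leading data octets of the first fragment."""
    groups = defaultdict(list)
    for raw in packets:
        f = parse_ipv4(raw)
        if f and f["proto"] == 17 and (f["more"] or f["offset"]):
            groups[f["key"]].append(f)
    hits = []
    for (src, dst, ident), frags in groups.items():
        first = next((f for f in frags if f["offset"] == 0), None)
        if first is None or len(first["payload"]) < 8 + prefix_len:
            continue
        sport, dport = struct.unpack("!HH", first["payload"][:4])
        lead = first["payload"][8:8 + prefix_len]    # data after the UDP header
        # Skip other port ranges, and all-padding data that would match anything.
        if not (1024 <= sport <= 3000 and 1 <= dport <= 100) or len(set(lead)) == 1:
            continue
        if any(f["offset"] and f["payload"][:prefix_len] == lead for f in frags):
            hits.append((src, dst, ident, sport, dport))
    return hits

def build_fragment(src, dst, ident, offset, more, payload):
    """Constructed test input: one IPv4/UDP fragment (header checksum left 0)."""
    flags_off = (0x2000 if more else 0) | (offset // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                       flags_off, 64, 17, 0, src, dst) + payload

def sample_packets():
    """Constructed capture: one datagram shaped like the report, one ordinary."""
    a, b = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7])
    mark, seq = b"EXAMPLE!", bytes(range(256)) * 8
    odd1 = struct.pack("!HHHH", 2048, 37, 1988, 0) + mark + bytes(1464)
    plain1 = struct.pack("!HHHH", 2049, 53, 2056, 0) + seq[:1472]
    return [build_fragment(a, b, 1, 0, True, odd1),                   # 1500 octets
            build_fragment(a, b, 1, 1480, False, mark + bytes(500)),  # 528 octets
            build_fragment(a, b, 2, 0, True, plain1),
            build_fragment(a, b, 2, 1480, False, seq[1472:])]
```

`find_repeated_prefix_datagrams` takes raw IPv4 packets as `bytes`, so frames from a capture file need their link-layer header stripped first.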