I've noticed a few times each day that a machine running the agent causes a UDP flood to the OSSEC server.
Any ideas why this might be happening? I know because my Juniper 5GT reports it. The agent machine is a very active webserver that does not contain any rootkits, nor has it been compromised in any way. Any ideas why this might be happening? A typical burst looks like this:

[00001] 2011-03-22 21:08:07 [Root]system-alert-00012: UDP flood! From 192.168.1.42:35634 to nn.nn.241.39:1514, proto UDP (zone Trust, int trust). Occurred 3 times.
[00002] 2011-03-22 21:08:06 [Root]system-alert-00012: UDP flood! From 192.168.1.42:35634 to nn.nn.241.39:1514, proto UDP (zone Trust, int trust). Occurred 1585 times.
[00003] 2011-03-22 21:08:05 [Root]system-alert-00012: UDP flood! From 192.168.1.42:35634 to nn.nn.241.39:1514, proto UDP (zone Trust, int trust). Occurred 2547 times.
[00004] 2011-03-22 21:08:04 [Root]system-alert-00012: UDP flood! From 192.168.1.42:35634 to nn.nn.241.39:1514, proto UDP (zone Trust, int trust). Occurred 4122 times.
[00005] 2011-03-22 21:08:03 [Root]system-alert-00012: UDP flood! From 192.168.1.42:35634 to nn.nn.241.39:1514, proto UDP (zone Trust, int trust). Occurred 2897 times.
[00006] 2011-03-22 21:08:02 [Root]system-alert-00012: UDP flood! From 192.168.1.42:35634 to nn.nn.241.39:1514, proto UDP (zone Trust, int trust). Occurred 2521 times.