ELF/Scalper-A Spreading?

Our border ACLs are catching about three thousand UDP/2100 hits every minute
tonight. Is anyone else seeing this? It seems as if ELF/Scalper-A (the
Apache/FreeBSD worm) is spreading.

Drew Linsalata
The Gotham Bus Company
Internet Server and Carrier Neutral Co-Location
http://www.gothambus.com

> Our border ACLs are catching about three thousand
> UDP/2100 hits every minute
> tonight. Is anyone else seeing this? It seems as
> if ELF/Scalper-A (the
> Apache/FreeBSD worm) is spreading.

http://www.dshield.org/port_report.php?port=2100
There is no major activity across 2100.

But activity is more across 17300.
(http://www.dshield.org/port_report.php?port=17300)
What might be the reason?

> Our border ACLs are catching about three thousand
> UDP/2100 hits every minute
> tonight. Is anyone else seeing this? It seems as
> if ELF/Scalper-A (the
> Apache/FreeBSD worm) is spreading.

> http://www.dshield.org/port_report.php?port=2100
> There is no major activity across 2100.

Since the 2100 traffic would be a targeted DDoS attack,
it will not show up globally. Also, didn't Scalper use
a commodity DDoS engine? So the 2100 traffic you see is
not necessarily from Scalper but could be from something
else that uses the same DDoS engine.

> But activity is more across 17300.
> (http://www.dshield.org/port_report.php?port=17300)
> What might be the reason?

Yeah. If anybody has packet captures. Probably not appropriate
for the NANOG list. But just send them to me.

> But activity is more across 17300.
> (http://www.dshield.org/port_report.php?port=17300)
> What might be the reason?

yeah.

I have read somewhere that 17300 is used by a new
virus called *Kuang2 Virus*. Has anyone heard of such
names?