General DDOS curiousity
Todd Zimmermann
t.zim at att.net
Fri May 30 19:16:14 PDT 2003
Lowell Gilbert wrote:
> Todd Zimmermann <t.zim at att.net> writes:
>
>
>>This isn't so much a question as a curiosity I noticed tonight.
>>
>>I have a dialup account with att.net & get a dynamic ip in the 12.93
>>block. While logging in tonight and initializing ipfilter, I noticed
>>7 blocked input packets right away. No big deal, but I checked my
>>log. Each packet was from a diff ip, but all to port 41170 UDP...
>>
>>Now I'm up to 501 blocked packets, unique ips but same port. I've
>>logged into scans before, but nothing like this.
>
> Sounds like one packet per second or less. If that's supposed to be a
> DDOS, it isn't much of one. More likely, the previous holder of the
> address was running some kind of server, maybe a node in a
> peer-to-peer system.
>
>
>Jeremy Faulkner wrote:
>
>>41170 is used by Piolet, a peer-to-peer file transfer program.
Yeah I guess DDOS wasn't the best choice of words. When I logged out and
grabbed another ip it disappeared.
Thanks for answering my question. I get too excited over log events
sometimes :)
- Todd
More information about the freebsd-questions
mailing list