[squid-users] lots of UDP connections from Bal Krishna Adhikari on 2011-06-03 (squid-users)

From: Bal Krishna Adhikari <balkrishna_at_subisu.net.np>
Date: Fri, 03 Jun 2011 15:58:23 +0545

Hello,

I found a lot of UDP connections that is coming to my proxy servers.
I don't find the cause of such one-way traffics to my servers.
The sample UDP traffic is as :-

14:00:07.506612 IP 41.209.69.146.10027 > x.x.x.x.65453: UDP, length 30
14:00:07.518118 IP 121.218.37.254.41597 > x.x.x.x.64338: UDP, length 30
14:00:07.572559 IP 85.224.143.193.29978 > x.x.x.x.62782: UDP, length 30
14:00:07.596554 IP 183.87.200.42.36895 > x.x.x.x.15786: UDP, length 30
14:00:07.642820 IP 180.215.37.96.49977 > x.x.x.x.49458: UDP, length 30
14:00:07.653055 IP 117.195.138.64.24314 > x.x.x.x.44985: UDP, length 33
14:00:07.739963 IP 82.31.238.101.50534 > x.x.x.x.52750: UDP, length 30
14:00:07.783452 IP 86.83.107.196.41870 > x.x.x.x.62782: UDP, length 30
14:00:07.809677 IP 94.246.23.15.59003 > x.x.x.x.27462: UDP, length 30
14:00:07.837415 IP 75.156.164.147.49398 > x.x.x.x.34847: UDP, length 30
14:00:07.841668 IP 82.8.212.242.25931 > x.x.x.x.24869: UDP, length 30
14:00:07.841697 IP 89.136.112.99.42182 > x.x.x.x.52750: UDP, length 30
14:00:07.854215 IP 99.191.156.208.18162 > x.x.x.x.64338: UDP, length 30
14:00:07.885386 IP 88.147.72.252.60224 > x.x.x.x.19151: UDP, length 30
14:00:07.960841 IP 68.169.185.192.63480 > x.x.x.x.58638: UDP, length 30
14:00:08.071763 IP 79.113.242.42.31998 > x.x.x.x.33995: UDP, length 30
14:00:08.078260 IP 94.202.49.109.61957 > x.x.x.x.26071: UDP, length 67
14:00:08.101495 IP 82.169.68.179.19605 > x.x.x.x.45682: UDP, length 30
14:00:08.113238 IP 86.99.42.7.15086 > x.x.x.x.11706: UDP, length 67
14:00:08.127979 IP 62.195.70.253.45266 > x.x.x.x.37050: UDP, length 30
14:00:08.163992 IP 2.82.207.195.38343 > x.x.x.x.26680: UDP, length 30
14:00:08.183453 IP 68.81.206.57.25923 > x.x.x.x.18378: UDP, length 30
14:00:08.237689 IP 108.120.241.254.47249 > x.x.x.x.39433: UDP, length 30
14:00:08.256906 IP 99.161.157.254.41719 > x.x.x.x.26680: UDP, length 30
14:00:08.291885 IP 121.136.175.247.12577 > x.x.x.x.16485: UDP, length 67
14:00:08.315427 IP 121.144.158.120.30845 > x.x.x.x.61415: UDP, length 30
14:00:08.317404 IP 115.117.219.18.25817 > x.x.x.x.59936: UDP, length 30

Anyone has any idea if the traffic is genuine or some kind of attack ?
x.x.x.x is my proxy server.

--- Bal Krishna
Received on Fri Jun 03 2011 - 10:13:38 MDT

This archive was generated by hypermail 2.2.0 : Fri Jun 03 2011 - 12:00:01 MDT