
Fragmented traffic alarms

mssystems


Hi all

Over the last couple of weeks my firewall has been alarming (see below).

I have traced the subnet and can't think of a reason why it is trying to contact me. It also looks like my subnet is being systematically scanned. So it is all rather suspicious.

I was wondering if anyone had any idea what application or trojan might be trying to connect on UDP 8224 and 1029?

I have blocked the culprit's ISP's subnet and e-mailed the abuse address.

Regards
Matt

[00001] 2004-03-17 12:01:38 [Root]system-critical-00429: Fragmented traffic! From 66.90.98.57:8224 to xxx.xxx.xxx.xx4:8224, proto UDP (zone Untrust, int untrust). Occurred 2 times.
[00002] 2004-03-17 12:01:38 [Root]system-critical-00429: Fragmented traffic! From 66.90.98.57:7223 to xxx.xxx.xxx.xx4:1029, proto UDP (zone Untrust, int untrust). Occurred 1 times.
[00003] 2004-03-17 12:01:38 [Root]system-critical-00429: Fragmented traffic! From 66.90.98.248:8224 to xxx.xxx.xxx.xx5:8224, proto UDP (zone Untrust, int untrust). Occurred 2 times.
[00004] 2004-03-17 12:01:38 [Root]system-critical-00429: Fragmented traffic! From 66.90.98.248:18530 to xxx.xxx.xxx.xx5:1029, proto UDP (zone Untrust, int untrust). Occurred 1 times.
[00005] 2004-03-17 12:01:38 [Root]system-critical-00429: Fragmented traffic! From 66.90.106.73:8224 to xxx.xxx.xxx.xx3:8224, proto UDP (zone Untrust, int untrust). Occurred 2 times.
[00006] 2004-03-17 12:01:38 [Root]system-critical-00429: Fragmented traffic! From 66.90.106.73:31589 to xxx.xxx.xxx.xx3:1029, proto UDP (zone Untrust, int untrust). Occurred 1 times.
[00007] 2004-03-17 12:01:38 [Root]system-critical-00429: Fragmented traffic! From 66.90.103.49:8224 to xxx.xxx.xxx.xx6:8224, proto UDP (zone Untrust, int untrust). Occurred 2 times.
[00008] 2004-03-17 12:01:38 [Root]system-critical-00429: Fragmented traffic! From 66.90.103.49:17674 to xxx.xxx.xxx.xx6:1029, proto UDP (zone Untrust, int untrust). Occurred 1 times.
[00009] 2004-03-17 12:01:38 [Root]system-critical-00429: Fragmented traffic! From 66.90.94.151:8224 to xxx.xxx.xxx.xx2:8224, proto UDP (zone Untrust, int untrust). Occurred 2 times.
[00010] 2004-03-17 12:01:38 [Root]system-critical-00429: Fragmented traffic! From 66.90.94.151:5950 to xxx.xxx.xxx.xx2:1029, proto UDP (zone Untrust, int untrust). Occurred 1 times.
[00011] 2004-03-17 12:01:37 [Root]system-critical-00429: Fragmented traffic! From 66.90.96.227:8224 to xxx.xxx.xxx.xx2:8224, proto UDP (zone Untrust, int untrust). Occurred 2 times.
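
An added triage example, not part of the original post or of any vendor tooling: it parses alarm lines in the format quoted above and groups them by source network, to check whether several sources in one block are hitting several local addresses on the same ports. The function names, the /16 grouping and the thresholds are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_network

# First six alarm lines copied from the post above (destinations are masked there).
SAMPLE = """\
[00001] 2004-03-17 12:01:38 [Root]system-critical-00429: Fragmented traffic! From 66.90.98.57:8224 to xxx.xxx.xxx.xx4:8224, proto UDP (zone Untrust, int untrust). Occurred 2 times.
[00002] 2004-03-17 12:01:38 [Root]system-critical-00429: Fragmented traffic! From 66.90.98.57:7223 to xxx.xxx.xxx.xx4:1029, proto UDP (zone Untrust, int untrust). Occurred 1 times.
[00003] 2004-03-17 12:01:38 [Root]system-critical-00429: Fragmented traffic! From 66.90.98.248:8224 to xxx.xxx.xxx.xx5:8224, proto UDP (zone Untrust, int untrust). Occurred 2 times.
[00004] 2004-03-17 12:01:38 [Root]system-critical-00429: Fragmented traffic! From 66.90.98.248:18530 to xxx.xxx.xxx.xx5:1029, proto UDP (zone Untrust, int untrust). Occurred 1 times.
[00005] 2004-03-17 12:01:38 [Root]system-critical-00429: Fragmented traffic! From 66.90.106.73:8224 to xxx.xxx.xxx.xx3:8224, proto UDP (zone Untrust, int untrust). Occurred 2 times.
[00006] 2004-03-17 12:01:38 [Root]system-critical-00429: Fragmented traffic! From 66.90.106.73:31589 to xxx.xxx.xxx.xx3:1029, proto UDP (zone Untrust, int untrust). Occurred 1 times.
"""

ALARM = re.compile(
    r"Fragmented traffic! From (?P<src>[\d.]+):(?P<sport>\d+) "
    r"to (?P<dst>[^:\s]+):(?P<dport>\d+), proto (?P<proto>\w+) "
    r".*?Occurred (?P<count>\d+) times"
)

def summarize(log_text, prefix=16):
    """Group alarms by source network; prefix=16 is an assumed grouping size."""
    nets = defaultdict(lambda: {"sources": set(), "targets": set(),
                                "ports": defaultdict(int)})
    for line in log_text.splitlines():
        m = ALARM.search(line)
        if not m:
            continue  # not a fragmented-traffic alarm
        net = str(ip_network(f"{m['src']}/{prefix}", strict=False))
        entry = nets[net]
        entry["sources"].add(m["src"])
        entry["targets"].add(m["dst"])  # masked address kept as an opaque key
        entry["ports"][(m["proto"], int(m["dport"]))] += int(m["count"])
    return nets

def flag_sweeps(nets, min_sources=3, min_targets=3):
    """Networks where several sources hit several local addresses (assumed thresholds)."""
    return sorted(net for net, e in nets.items()
                  if len(e["sources"]) >= min_sources
                  and len(e["targets"]) >= min_targets)

if __name__ == "__main__":
    summary = summarize(SAMPLE)
    for net in flag_sweeps(summary):
        e = summary[net]
        print(net, len(e["sources"]), "sources ->", len(e["targets"]), "targets")
        for (proto, port), hits in sorted(e["ports"].items()):
            print(f"  {proto}/{port}: {hits} alarm occurrences")
```
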
1 REPLY
N/A

Re: Fragmented traffic alarms

Quote
Hi all
I was wondering if anyone had any idea what application or trojan might be trying to connect on UDP 8224 and 1029 ?


http://www.dshield.org/port_report.php?port=8224
http://www.dshield.org/port_report.php?port=1029

--
Simon