1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Firewall UDP flood Question

Discussion in 'Security' started by black.hat, Dec 17, 2013.

  1. #1
    Does anyone know what exactly this Alert refers to:

    UDP flood! From 192.168.x.x:51354 to 220.x.x.x:1194, proto UDP (zone Trust, int bgroup0). Occurred 121 times.
    SEMrush
    I know it is UDP flood alert, but what exactly has been done and what are the possible risks?
     
    black.hat, Dec 17, 2013 IP
    SEMrush
  2. infinitnet

    infinitnet Member

    Messages:
    56
    Likes Received:
    7
    Best Answers:
    1
    Trophy Points:
    35
    #2
    Are you running a VPN service? It just looks like some UDP traffic directed to your VPN port. It could be a small DDoS attack or even legit traffic. The information you provided is not extensive enough to figure that out - you should use tcpdump to look at the traffic, like "tcpdump -nnA dst host 220.x.x.x and dst port 1194 and udp" and figure out what kind of traffic it is. You can use something like "tcpdump dst host 220.x.x.x and dst port 1194 and udp -w dump.pcap -c1000" to create dump file that you can view in tools such as Wireshark or provide here so people can actually help you. Keep in mind to disable your firewall so you can analyze the traffic.
     
    infinitnet, Dec 19, 2013 IP
  3. tuxandrew

    tuxandrew Active Member

    Messages:
    63
    Likes Received:
    8
    Best Answers:
    0
    Trophy Points:
    68
    #3
    Are you using any custom firewalls?
     
    tuxandrew, Jan 7, 2014 IP