topic Re: UDP flood attack detected in Operating System - HP-UX

UDP flood attack detected

ckchan — Wed, 08 Mar 2006 21:08:27 GMT

Hello there,
My firewall monitoring tool keeps receiving "UDP flood attack detected" from one of our servers. Please advise what should i do

Thank you

Re: UDP flood attack detected

A. Clay Stephenson — Wed, 08 Mar 2006 21:50:31 GMT

Your question doesn't make it clear if your server is the source of these packets or is the victim. In any event, the firewall should be able to identify the port number(s), the IP address(es), and the MAC address(es) of the sending host(s). The first few hex digits of the MAC address can help you identify the type of equipment if the IP addresses are unknown.

This sounds like you have some infected PC's on your network but you simply haven't provided enough data yet.

Re: UDP flood attack detected

ckchan — Wed, 08 Mar 2006 22:48:47 GMT

Thanks for your response
The server is the source of the packet. How do i know the root cause?

Re: UDP flood attack detected

A. Clay Stephenson — Wed, 08 Mar 2006 23:55:28 GMT

The answer is the same. The firewall should have logged the offending port number. You then need to find what process is using that port.

Re: UDP flood attack detected

ckchan — Thu, 09 Mar 2006 20:04:10 GMT

Thank you