HPE Community
Operating System - HP-UX
1823910 Members
3292 Online
109666 Solutions
New Discussion юеВ

Re: UDP flood attack detected

 
ckchan
Occasional Contributor

тАО03-08-2006 01:08 PM

тАО03-08-2006 01:08 PM

UDP flood attack detected

Hello there,
My firewall monitoring tool keeps receiving "UDP flood attack detected" from one of our servers. Please advise what should i do

Thank you
0 Kudos
4 REPLIES 4
A. Clay Stephenson
Acclaimed Contributor

тАО03-08-2006 01:50 PM

тАО03-08-2006 01:50 PM

Re: UDP flood attack detected

Your question doesn't make it clear if your server is the source of these packets or is the victim. In any event, the firewall should be able to identify the port number(s), the IP address(es), and the MAC address(es) of the sending host(s). The first few hex digits of the MAC address can help you identify the type of equipment if the IP addresses are unknown.

This sounds like you have some infected PC's on your network but you simply haven't provided enough data yet.
If it ain't broke, I can fix that.
0 Kudos
ckchan
Occasional Contributor

тАО03-08-2006 02:48 PM

тАО03-08-2006 02:48 PM

Re: UDP flood attack detected

Thanks for your response
The server is the source of the packet. How do i know the root cause?
0 Kudos
A. Clay Stephenson
Acclaimed Contributor

тАО03-08-2006 03:55 PM

тАО03-08-2006 03:55 PM

Re: UDP flood attack detected

The answer is the same. The firewall should have logged the offending port number. You then need to find what process is using that port.
If it ain't broke, I can fix that.
0 Kudos
ckchan
Occasional Contributor

тАО03-09-2006 12:04 PM

тАО03-09-2006 12:04 PM

Re: UDP flood attack detected

Thank you
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.