[OT strange UDP]

GDHough mr6re9-mI4xJ4qlgtBiLUuM0BA3LQ== at public.gmane.org
Sun Apr 18 19:10:29 UTC 2004 

Greeting tlug,

I try to avoid posting querries such as this to the list, but I can find 
nothing in the more appropriate places to look first (google, dshield, sans, 
etc)

For a couple weeks or so I've been dropping loads of UDP packets to 11613 and 
recently 11609 also. Yesterday I noticed that some of these packets contain 
human readable data. Please have a look at these samples from the last twenty 
hours:

Internet Protocol, Src Addr: 80.8.114.43
User Datagram Protocol, Src Port: 1163 (1163), Dst Port: 11613 (11613)
    Length: 35
Data (27 bytes)
0020  01 fa 04 8b 2d 5d 00 23 ef 39 e3 98 01 16 00 6a   ....-].#.9.....j
0030  6f 68 6e 20 68 75 72 74 20 61 76 61 6c 6f 6e 20   ohn hurt avalon 
0040  62 6c 75 65 73                                    blues

Internet Protocol, Src Addr: 67.84.128.193
User Datagram Protocol, Src Port: 32817 (32817), Dst Port: 11613 (11613)
    Length: 37
Data (29 bytes)
0020  01 fa 80 31 2d 5d 00 25 45 ca e3 98 01 18 00 75   ...1-].%E......u
0030  70 72 69 67 68 74 20 63 69 74 69 7a 65 6e 73 20   pright citizens 
0040  62 72 69 67 61 64 65                              brigade

Internet Protocol, Src Addr: 67.84.128.193
User Datagram Protocol, Src Port: 32817 (32817), Dst Port: 11613 (11613)
    Length: 41
Data (33 bytes)
0020  01 fa 80 31 2d 5d 00 29 69 7f e3 98 01 1c 00 72   ...1-].)i......r
0030  61 64 69 6f 68 65 61 64 20 2d 20 65 75 72 6f 63   adiohead - euroc
0040  6b 65 6e 6e 65 73 20 32 30 30 33                  kennes 2003

Internet Protocol, Src Addr: 67.84.128.193
User Datagram Protocol, Src Port: 32817 (32817), Dst Port: 11613 (11613)
    Length: 58
Data (50 bytes)
0020  01 fa 80 31 2d 5d 00 3a ef 88 e3 98 01 2d 00 70   ...1-].:.....-.p
0030  61 75 6c 20 76 61 6e 20 64 79 6b 20 2d 20 74 68   aul van dyk - th
0040  65 20 70 6f 6c 69 74 69 63 73 20 6f 66 20 64 61   e politics of da
0050  6e 63 69 6e 67 20 2d 20 32 30 30 31               ncing - 2001

Internet Protocol, Src Addr: 67.84.128.193
User Datagram Protocol, Src Port: 32817 (32817), Dst Port: 11613 (11613)
    Length: 46
Data (38 bytes)
0020  01 fa 80 31 2d 5d 00 2e 89 63 e3 98 01 21 00 70   ...1-]...c...!.p
0030  61 75 6c 20 76 61 6e 20 64 79 6b 20 2d 20 6f 75   aul van dyk - ou
0040  74 20 74 68 65 72 65 20 61 6e 64 20 62 61 63 6b   t there and back

Internet Protocol, Src Addr: 67.84.128.193
User Datagram Protocol, Src Port: 32817 (32817), Dst Port: 11613 (11613)
    Length: 81
Data (73 bytes)
0020  01 fa 80 31 2d 5d 00 51 a9 63 e3 98 01 44 00 67   ...1-].Q.c...D.g
0030  72 61 6e 64 20 74 68 65 66 74 20 61 75 74 6f 20   rand theft auto 
0040  76 69 63 65 20 63 69 74 79 20 62 6f 78 20 73 65   vice city box se
0050  74 20 28 65 61 63 20 6c 61 6d 65 20 6d 70 33 20   t (eac lame mp3 
0060  2d 2d 61 6c 74 2d 70 72 65 73 65 74 20 73 74 2e   --alt-preset st.
0070  72 61 72                                          rar

Internet Protocol, Src Addr: 67.84.128.193
User Datagram Protocol, Src Port: 32817 (32817), Dst Port: 11613 (11613)
    Length: 37
Data (29 bytes)
0020  01 fa 80 31 2d 5d 00 25 f7 e4 e3 98 01 18 00 6c   ...1-].%.......l
0030  65 64 7a 65 70 70 65 6c 69 6e 73 65 61 74 74 6c   edzeppelinseattl
0040  65 37 37 64 76 64 73                              e77dvds

Internet Protocol, Src Addr: 67.84.128.193
User Datagram Protocol, Src Port: 32817 (32817), Dst Port: 11613 (11613)
    Length: 32
Data (24 bytes)
0020  01 fa 80 31 2d 5d 00 20 92 0a e3 98 01 13 00 61   ...1-]. .......a
0030  70 68 65 78 20 74 77 69 6e 20 2d 20 64 72 75 6b   phex twin - druk
0040  71 73                                             qs

Internet Protocol, Src Addr: 62.167.76.143
User Datagram Protocol, Src Port: 1026 (1026), Dst Port: 11613 (11613)
    Length: 28
Data (20 bytes)
0020  01 fa 04 02 2d 5d 00 1c a9 ba e3 98 01 0f 00 61   ....-].........a
0030  6c 69 63 79 6e 20 73 74 65 72 6c 69 6e 67         licyn sterling

Internet Protocol, Src Addr: 80.132.163.130
User Datagram Protocol, Src Port: 36218 (36218), Dst Port: 11613 (11613)
    Length: 26
Data (18 bytes)
0020  01 fa 8d 7a 2d 5d 00 1a e2 6b e3 98 01 0d 00 32   ...z-]...k.....2
0030  34 20 32 2e 20 73 74 61 66 66 65 6c               4 2. staffel

Internet Protocol, Src Addr: 80.132.163.130
User Datagram Protocol, Src Port: 36218 (36218), Dst Port: 11613 (11613)
    Length: 28
Data (20 bytes)
0020  01 fa 8d 7a 2d 5d 00 1c 10 82 e3 98 01 0f 00 70   ...z-].........p
0030  65 65 6b 20 6f 66 20 70 61 6e 64 6f 72 61         eek of pandora

Internet Protocol, Src Addr: 62.43.99.84
User Datagram Protocol, Src Port: 1026 (1026), Dst Port: 11613 (11613)
    Length: 24
Data (16 bytes)
0020  01 fa 04 02 2d 5d 00 18 6e 6b e3 98 01 0b 00 70   ....-]..nk.....p
0030  61 63 6f 20 63 65 70 65 72 6f 02 30               aco cepero.0

These represent a small fraction of packets from numerous sources.
Has anyone seen this before?
Is it some new fangled p2p?

Thanks,
farmer6re9
-- 
Eating Crow is better with MyCrowSauce

--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml

More information about the Legacy mailing list