UDP Flood Attack From 74.127.xx.xx

Discussion in 'Security' started by crazyaboutlinux, Sep 15, 2011.

    Subject: UDP Flood Attack From 74.127.xx.xx

    Our network has been repeatedly attacked from this above marked IP with
    UDP attacks. Please take actions to secure this machine, and prevent it
    from attacking us (or anyone else). Attached are some truncated logs from
    when we were under an attack from this IP.

    The IP that was targeted was 133.65.12.255

    If it helps, other admins in the past have reported this issue was caused
    by an Apache script exploit, most commonly log.php, which is actually a
    remote UDP flood script.

    Thanks for your attention and quick resolution of this matter.

    Sincerely,
    d2jsp.org Email Support

    ------------------------------------------------------------
    tcpdump logs for ip: 74.127.xx.xx
    Total bytes received from this ip: 680040307
    Logs truncated to 1000 lines. Full logs available upon request.

    2011-09-14 07:29:37.158549 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#23415]
    2011-09-14 07:29:37.158914 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#23415]
    2011-09-14 07:29:37.158927 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (834 bytes) [#23415]
    2011-09-14 07:29:37.159289 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#23671]
    2011-09-14 07:29:37.159920 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#23927]
    2011-09-14 07:29:37.160805 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#24183]
    2011-09-14 07:29:37.161412 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#24439]
    2011-09-14 07:29:37.161925 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#24695]
    2011-09-14 07:29:37.162303 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (834 bytes) [#24695]
    2011-09-14 07:29:37.162793 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#24951]
    2011-09-14 07:29:37.163428 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#25207]
    2011-09-14 07:29:37.164041 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#25463]
    2011-09-14 07:29:37.164550 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#25719]
    2011-09-14 07:29:37.165543 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#25975]
    2011-09-14 07:29:37.165562 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#25975]
    2011-09-14 07:29:37.166162 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#26231]
    2011-09-14 07:29:37.166789 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#26487]
    2011-09-14 07:29:37.166920 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#26487]
    2011-09-14 07:29:37.167045 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (834 bytes) [#26487]
    2011-09-14 07:29:37.168036 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#26999]
    2011-09-14 07:29:37.168168 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#26999]
    2011-09-14 07:29:37.168286 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#26999]
    2011-09-14 07:29:37.168419 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (834 bytes) [#26999]
    2011-09-14 07:29:37.168672 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#27255]
    2011-09-14 07:29:37.169299 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#27511]
    2011-09-14 07:29:37.169407 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#27511]
    2011-09-14 07:29:37.170294 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#27767]
    2011-09-14 07:29:37.170670 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#28023]
    2011-09-14 07:29:37.171430 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#28279]
    2011-09-14 07:29:37.172405 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#28535]
    2011-09-14 07:29:37.172794 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#28791]
    2011-09-14 07:29:37.173285 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#28791]
    2011-09-14 07:29:37.174180 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#29303]
    2011-09-14 07:29:37.175159 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#29559]
    2011-09-14 07:29:37.175279 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#29559]
    2011-09-14 07:29:37.175285 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (834 bytes) [#29559]
    2011-09-14 07:29:37.175549 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#29815]
    2011-09-14 07:29:37.175904 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#29815]
    2011-09-14 07:29:37.176529 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#30071]
    2011-09-14 07:29:37.176654 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (834 bytes) [#30071]
    2011-09-14 07:29:37.176919 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#30327]
    2011-09-14 07:29:37.178032 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#30583]
    2011-09-14 07:29:37.178294 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#30839]
    2011-09-14 07:29:37.178547 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#30839]
    2011-09-14 07:29:37.179404 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (834 bytes) [#31095]
    2011-09-14 07:29:37.180032 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#31351]
    2011-09-14 07:29:37.180414 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#31607]
    2011-09-14 07:29:37.182417 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (834 bytes) [#32119]
    2011-09-14 07:29:37.182668 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#32375]
    2011-09-14 07:29:37.183026 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (834 bytes) [#32375]
    2011-09-14 07:29:37.183793 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#32887]
    2011-09-14 07:29:37.183920 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#32887]
    2011-09-14 07:29:37.184042 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#32887]
    2011-09-14 07:29:37.184295 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#33143]
    2011-09-14 07:29:37.184776 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#33143]
    2011-09-14 07:29:37.185292 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#33399]
    2011-09-14 07:29:37.186171 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (834 bytes) [#33655]
    2011-09-14 07:29:37.186524 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#33911]
    2011-09-14 07:29:37.186841 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#33911]
    2011-09-14 07:29:37.186856 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#33911]
    2011-09-14 07:29:37.186875 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#33911]
    2011-09-14 07:29:37.187160 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#34167]
    2011-09-14 07:29:37.187536 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#34167]
    2011-09-14 07:29:37.187911 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#34423]
    2011-09-14 07:29:37.188285 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (834 bytes) [#34423]
    2011-09-14 07:29:37.188673 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#34679]
    2011-09-14 07:29:37.188909 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (834 bytes) [#34679]
    2011-09-14 07:29:37.191899 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#34935]
    2011-09-14 07:29:37.192031 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#34935]
    2011-09-14 07:29:37.192044 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (834 bytes) [#34935]
    2011-09-14 07:29:37.192396 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#35191]
    2011-09-14 07:29:37.192901 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (834 bytes) [#35191]
    2011-09-14 07:29:37.193282 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#35447]
    2011-09-14 07:29:37.193406 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#35447]
    2011-09-14 07:29:37.193772 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#35703]
    2011-09-14 07:29:37.194021 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#35703]
    2011-09-14 07:29:37.194147 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#35703]
    2011-09-14 07:29:37.194649 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#35959]
    2011-09-14 07:29:37.195394 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#36215]
    2011-09-14 07:29:37.195410 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#36215]
    2011-09-14 07:29:37.195903 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#36471]
    2011-09-14 07:29:37.196033 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#36471]
    2011-09-14 07:29:37.198271 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#36983]
    2011-09-14 07:29:37.198905 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#37239]
    2011-09-14 07:29:37.199149 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#37239]
    2011-09-14 07:29:37.200530 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#37751]
    2011-09-14 07:29:37.201530 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#38263]
    2011-09-14 07:29:37.202514 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#38519]
    2011-09-14 07:29:37.203021 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#38775]
    2011-09-14 07:29:37.203780 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#39031]
    2011-09-14 07:29:37.204012 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#39031]
    2011-09-14 07:29:37.204641 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (834 bytes) [#39287]
    2011-09-14 07:29:37.205891 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#39799]
    2011-09-14 07:29:37.206018 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#39799]
    2011-09-14 07:29:37.206396 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#40055]
    2011-09-14 07:29:37.206784 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#40055]
    2011-09-14 07:29:37.207261 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#40311]
    2011-09-14 07:29:37.208044 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#40567]
    2011-09-14 07:29:37.208137 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (834 bytes) [#40567]
    2011-09-14 07:29:37.208393 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#40823]
    2011-09-14 07:29:37.208772 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#40823]
    2011-09-14 07:29:37.208774 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (834 bytes) [#40823]
    2011-09-14 07:29:37.209024 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#41079]
    2011-09-14 07:29:37.209906 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#41335]
    2011-09-14 07:29:37.210524 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#41591]
    2011-09-14 07:29:37.210647 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#41591]
    2011-09-14 07:29:37.211134 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#41847]
    2011-09-14 07:29:37.211761 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#42103]
    2011-09-14 07:29:37.211906 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#42103]
    2011-09-14 07:29:37.212159 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (834 bytes) [#42103]
    2011-09-14 07:29:37.212633 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#42359]
    2011-09-14 07:29:37.213634 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (834 bytes) [#42615]
    2011-09-14 07:29:37.214889 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (834 bytes) [#43127]
    2011-09-14 07:29:37.215268 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#43383]
    2011-09-14 07:29:37.215536 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#43383]
    2011-09-14 07:29:37.215646 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (834 bytes) [#43383]
    2011-09-14 07:29:37.216028 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#43639]
    2011-09-14 07:29:37.216518 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#43639]
    2011-09-14 07:29:37.217141 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#43895]
    2011-09-14 07:29:37.217884 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#44151]
    2011-09-14 07:29:37.218147 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#44407]
    2011-09-14 07:29:37.218385 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#44407]
    2011-09-14 07:29:37.218767 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#44663]
    2011-09-14 07:29:37.218882 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#44663]
    2011-09-14 07:29:37.220141 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#45175]
    2011-09-14 07:29:37.220654 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#45431]
    2011-09-14 07:29:37.275116 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#64887]
    2011-09-14 07:29:37.275244 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (834 bytes) [#64887]
    2011-09-14 07:29:37.275607 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#65143]
    2011-09-14 07:29:37.275973 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#65143]
    2011-09-14 07:29:37.276346 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#65399]
    2011-09-14 07:29:37.276474 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#65399]
    2011-09-14 07:29:37.276595 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#65399]
    2011-09-14 07:29:37.276722 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#65399]
    2011-09-14 07:29:37.277122 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#120]
    2011-09-14 07:29:37.277723 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#376]
    I have done the following on the server to prevent it, but I am still getting the same problem:
    1) We have configured the firewall and removed some unnecessary UDP ports which were enabled.
    2) We have set a limit on the outbound flow rate of UDP packets.
    3) Set a limit of 100 on the outbound flow rate of UDP packets.
    4) Ran a scan on the server with LMD (maldet); see the scan result below.

    Code:
    malware detect scan report for 74.127.xx.xx:
    SCAN ID: 090711-1547.10390
    TIME: Sep 12 21:02:27 +0530
    PATH: /home*/*/public_html
    TOTAL FILES: 1143657
    TOTAL HITS: 67
    TOTAL CLEANED: 0
    
    NOTE: quarantine disabled; set quar_hits=1 in conf.maldet or run 'maldet -q 090711-1547.10390' to quarantine results
    FILE HIT LIST:
    {HEX}gzbase64.inject.unclassed.14 : /home/capatel/public_html/plugins/content/articles.php
    {MD5}exp.kernel.vmsplice.171 : /home/capatel/public_html/tmp/3a
    {MD5}exp.linux.unclassed.194 : /home/capatel/public_html/tmp/dz
    {MD5}exp.kernel.ptrace.152 : /home/capatel/public_html/tmp/2.6.9-55-2007-prv8
    {MD5}exp.linux.unclassed.191 : /home/capatel/public_html/tmp/enlightenment/exp_wunderbar.c
    {MD5}exp.linux.unclassed.222 : /home/capatel/public_html/tmp/enlightenment/exp_paokara.c
    {MD5}exp.linux.unclassed.188 : /home/capatel/public_html/tmp/enlightenment/exp_ingom0wnar.c
    {MD5}exp.linux.unclassed.212 : /home/capatel/public_html/tmp/enlightenment/exp_cheddarbay.c
    {MD5}exp.linux.unclassed.218 : /home/capatel/public_html/tmp/enlightenment/exp_moosecox.c
    {MD5}exp.linux.unclassed.221 : /home/capatel/public_html/tmp/enlightenment/exp_vmware.c
    {MD5}exp.linux.unclassed.215 : /home/capatel/public_html/tmp/enlightenment/exp_powerglove.c
    {MD5}exp.linux.unclassed.201 : /home/capatel/public_html/tmp/enlightenment/exp_therebel.c
    {MD5}exp.linux.unclassed.183 : /home/capatel/public_html/tmp/enlightenment/pwnkernel.c
    {MD5}exp.linux.unclassed.224 : /home/capatel/public_html/tmp/enlightenment/run_null_exploits.sh
    {MD5}base64.inject.unclassed.63 : /home/colouris/public_html/components/com_chronocontact/chronocontact.html.php
    {HEX}gzbase64.inject.unclassed.14 : /home/cupidoa/public_html/includes/classes/seo.url.php
    {MD5}php.cmdshell.unclassed.3301 : /home/doorman/public_html/css.php
    {MD5}php.shell.rc99.5804 : /home/doorman/public_html/images/632ce.php
    {MD5}base64.inject.unclassed.20 : /home/doorman/public_html/images/b51a1.php
    {HEX}php.cmdshell.c100.203 : /home/doorman/public_html/images/x.php
    {MD5}gzbase64.inject.unclassed.283 : /home/doorman/public_html/images/img37021532.php
    {MD5}php.exe.globals.3450 : /home/doorman/public_html/images/fe2d0.php
    {MD5}php.exe.globals.3569 : /home/eshopas/public_html/images/blam.php
    {MD5}php.exe.globals.3476 : /home/eshopas/public_html/images/wp-comments.php
    {MD5}base64.inject.unclassed.72 : /home/eshopas/public_html/images/imagem214.php
    {HEX}php.exe.globals.374 : /home/eshopas/public_html/images/login.php
    {MD5}php.exe.globals.3450 : /home/eshopas/public_html/images/be315.php
    {MD5}php.cmdshell.unclassed.3283 : /home/gujaratn/public_html/images/stories/arotoss.php.orion
    {HEX}gzbase64.inject.unclassed.14 : /home/hollywod/public_html/OLD_corupt/includes/classes/seo.url.php
    {HEX}gzbase64.inject.unclassed.14 : /home/hollywod/public_html/newwood/includes_old/classes/seo.url.php
    {HEX}gzbase64.inject.unclassed.14 : /home/hollywod/public_html/newwood/includes/classes/seo.url.php
    {MD5}php.exe.globals.3639 : /home/jkspices/public_html/old_file/products/goog1e5d18387f649b3b.php
    {MD5}php.exe.globals.3639 : /home/jkspices/public_html/old_file/products/goog1e3d90a2bfc55e61.php
    {MD5}php.exe.globals.3639 : /home/jkspices/public_html/old_file/products/images/goog1e1663ba39baa4ac.php
    {MD5}php.exe.globals.3639 : /home/jkspices/public_html/old_file/products/images/goog1e26748abfcc877.php
    {MD5}php.exe.globals.3639 : /home/jkspices/public_html/old_file/products/images/goog1eb83ca3942eb584.php
    {MD5}php.exe.globals.3639 : /home/jkspices/public_html/old_file/products/images/goog1ecb91572aa8cc5c.php
    {HEX}php.exe.globals.376 : /home/kailash/public_html/old/Gallery1/setup/check_imagemagick.php
    {HEX}php.exe.globals.376 : /home/kailash/public_html/old/Gallery1/setup/check_netpbm.php
    {MD5}base64.inject.unclassed.63 : /home/molecule/public_html/dev/components/com_chronocontact/chronocontact.html.php
    {MD5}gzbase64.inject.unclassed.316 : /home/molecule/public_html/mol/libraries/simplepie/idn/BankofBaroda/BoBRetail_files/php.infos.php
    {MD5}gzbase64.inject.unclassed.316 : /home/molecule/public_html/mol/includes/BankofBaroda/BoBRetail_files/php.infos.php
    {HEX}php.cmdshell.unclassed.338 : /home/molecule/public_html/mol/includes/thum.php
    {HEX}gzbase64.inject.unclassed.14 : /home/mtccard/public_html/includes/classes/seo.class.php
    {HEX}gzbase64.inject.unclassed.14 : /home/mtccard/public_html/includes/classes/seo.class.php.bak
    {HEX}gzbase64.inject.unclassed.14 : /home/mtccard/public_html/includes/classes/Mar_11_seo.class.php
    {HEX}gzbase64.inject.unclassed.14 : /home/mtccard/public_html/includes/classes/seo.class_org.php
    {HEX}php.generic.cav7.386 : /home/nanogen/public_html/nanogen/eMailer.php
    {HEX}base64.inject.unclassed.7 : /home/rcrworld/public_html/wordpressO2/wp-content/themes/Stripey/footer.php
    {HEX}base64.inject.unclassed.7 : /home/rcrworld/public_html/wordpressO2/wp-content/themes/transblack-10/footer.php
    {HEX}gzbase64.inject.unclassed.14 : /home/rcrworld/public_html/wordpressO/wp-content/themes/mini_patch_garden_hoe081/mini_patch_garden_hoe081/functions.php
    {HEX}gzbase64.inject.unclassed.14 : /home/rcrworld/public_html/wordpressO/wp-content/themes/mini_patch_garden_hoe081/mini_patch_garden_hoe081/footer.php
    {HEX}base64.inject.unclassed.7 : /home/rcrworld/public_html/wordpressO/wp-content/themes/Stripey/footer.php
    {HEX}base64.inject.unclassed.7 : /home/rcrworld/public_html/wordpressO/wp-content/themes/vibrant/footer.php
    {HEX}base64.inject.unclassed.7 : /home/rcrworld/public_html/wordpressO/wp-content/themes/transblack-10/footer.php
    {HEX}base64.inject.unclassed.7 : /home/rcrworld/public_html/wordpress/wordpress/wp-content/themes/Stripey/footer.php
    {HEX}gzbase64.inject.unclassed.14 : /home/richskin/public_html/includes/classes/seo.url.php
    {HEX}gzbase64.inject.unclassed.14 : /home/rosealak/public_html/includes/classes/seo.class.php
    {HEX}gzbase64.inject.unclassed.14 : /home/rosealak/public_html/includes/classes/seo.class_mit.php
    {HEX}gzbase64.inject.unclassed.14 : /home/rosealak/public_html/includes/classes/seo.class_08062011.php
    {HEX}gzbase64.inject.unclassed.14 : /home/stkabir/public_html/quiz/admin/login.php
    {HEX}gzbase64.inject.unclassed.14 : /home/stkabir/public_html/quiz/index.php_04Sept10
    {HEX}base64.inject.unclassed.7 : /home/waterjet/public_html/old-site-pages/images/gifimg.php
    {HEX}base64.inject.unclassed.7 : /home/waterjet/public_html/old-site-pages/images/image.php
    {HEX}base64.inject.unclassed.7 : /home/waterjet/public_html/images/gifimg.php
    {HEX}base64.inject.unclassed.7 : /home/waterjet/public_html/images/image.php
    {HEX}base64.inject.unclassed.7 : /home/yogiente/public_html/ethylbromide/images/image.php
    ===============================================
    Linux Malware Detect v1.4.0 < proj@rfxn.com >
    
    We are still getting UDP attack warnings from our DC. Can you guys suggest what to do next to secure the server and prevent it?
    I really need your help, guys.
     
  2. k-planethost

    k-planethost Well-Known Member

    If csf doesn't block it, I think maybe you have to get a hardware firewall.
     
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    You need assistance from a security professional.

    You could start by going through and inspecting every one of these files and killing the infected accounts. I see several items that look suspicious.
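Going through the flagged files account by account, as suggested in the reply above, is easier with the hit list grouped first. The script below is an added example, not part of the original thread or of maldet: it parses a report in the layout posted earlier and orders accounts for review. The severity ranking, the function names and the sample account names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the maldet report above; the account
# names and paths are placeholders, not taken from the thread.
SAMPLE_REPORT = """\
TOTAL FILES: 1200
TOTAL HITS: 6
TOTAL CLEANED: 0

FILE HIT LIST:
{HEX}gzbase64.inject.unclassed.14 : /home/acct1/public_html/includes/classes/seo.url.php
{MD5}php.cmdshell.unclassed.3301 : /home/acct2/public_html/css.php
{MD5}php.shell.rc99.5804 : /home/acct2/public_html/images/632ce.php
{MD5}exp.kernel.vmsplice.171 : /home2/acct3/public_html/tmp/3a
{HEX}base64.inject.unclassed.7 : /home/acct1/public_html/images/image.php
{MD5}php.exe.globals.3450 : /home/acct2/public_html/images/fe2d0.php
===============================================
Linux Malware Detect v1.4.0 < proj@rfxn.com >
"""

HIT_RE = re.compile(r"^\s*\{(HEX|MD5)\}(\S+)\s+:\s+(/.*\S)\s*$")
ACCOUNT_RE = re.compile(r"^/home[^/]*/([^/]+)/")   # matches /home, /home2, ...
TOTAL_RE = re.compile(r"^\s*TOTAL HITS:\s*(\d+)", re.M)

# Triage order chosen for this example (an assumption, not a maldet feature):
# local exploit code first, then web shells, then everything else.
SEVERITY_PREFIXES = [
    ("exp.", 3, "local exploit code"),
    ("php.cmdshell", 2, "web shell"),
    ("php.shell", 2, "web shell"),
]
DEFAULT_SEVERITY = (1, "injected or suspicious PHP")


def classify(signature):
    """Map a maldet signature name to (score, label) by its prefix."""
    for prefix, score, label in SEVERITY_PREFIXES:
        if signature.startswith(prefix):
            return score, label
    return DEFAULT_SEVERITY


def parse_hits(report):
    """Return one dict per line between 'FILE HIT LIST:' and the '=====' rule."""
    hits, in_list = [], False
    for line in report.splitlines():
        if line.strip() == "FILE HIT LIST:":
            in_list = True
            continue
        if not in_list:
            continue
        if line.strip().startswith("====="):
            break
        m = HIT_RE.match(line)
        if not m:
            continue  # blank or unrecognised line inside the list
        kind, signature, path = m.groups()
        acct = ACCOUNT_RE.match(path)
        hits.append({"kind": kind, "signature": signature, "path": path,
                     "account": acct.group(1) if acct else "(unknown)"})
    return hits


def declared_total(report):
    """Return the TOTAL HITS value from the report header, or None if absent."""
    m = TOTAL_RE.search(report)
    return int(m.group(1)) if m else None


def triage(hits):
    """Group hits per account, highest severity and hit count first."""
    by_account = defaultdict(list)
    for hit in hits:
        by_account[hit["account"]].append(hit)
    rows = []
    for account, items in by_account.items():
        scored = [classify(h["signature"]) for h in items]
        rows.append({"account": account, "hits": len(items),
                     "severity": max(score for score, _ in scored),
                     "kinds": sorted({label for _, label in scored}),
                     "paths": [h["path"] for h in items]})
    rows.sort(key=lambda r: (-r["severity"], -r["hits"], r["account"]))
    return rows


if __name__ == "__main__":
    hits = parse_hits(SAMPLE_REPORT)
    if declared_total(SAMPLE_REPORT) != len(hits):
        print("warning: parsed hit count differs from TOTAL HITS (truncated paste?)")
    for row in triage(hits):
        print(f"{row['account']:<10} sev={row['severity']} hits={row['hits']} {', '.join(row['kinds'])}")
        for path in row["paths"]:
            print(f"    {path}")
```

Comparing the parsed count with TOTAL HITS catches a report that was truncated when it was pasted, so no flagged file is silently left out of the review.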
     
  4. crazyaboutlinux

    crazyaboutlinux Well-Known Member

    Why isn't it cleaned automatically by maldet?

    Second, can I block outbound traffic for this IP, 133.65.12.255, through csf or iptables? If so, let me know how.

    2011-09-14 07:29:36.923800 GMT ip 74.127.xx.xx > 133.65.12.255: UDP (1514 bytes) [#2678]
     
    #4 crazyaboutlinux, Sep 16, 2011
    Last edited: Sep 16, 2011
  5. crazyaboutlinux

    crazyaboutlinux Well-Known Member

    Hi,

    More info is required on this: where to get it, and how to install and configure it?
     
  6. cPdans

    cPdans Member
    Staff Member

    Hello,

    If I'm reading your report correctly, the infected machine is remote. No software is going to clean the remote machine. That machine's administrator would have to clean up the infected machine. I suggest you make an abuse report to their host. You should be able to find out who is hosting them by performing a whois lookup on the IP address. A quick web search should yield contact details.

    "Second, can I block outbound traffic for this IP, 133.65.12.255, through csf or iptables? If so, let me know how."

    Have your host null route the IP address for 24 hours. The attack will likely cease after that time.
     
  7. k-planethost

    k-planethost Well-Known Member

    Edit /usr/local/maldetect/conf.maldet and change:
    email_alert=1
    email_addr="root"
    quar_hits=1
    scanthreads=5
    maxfilesize="1024k"

    quar_hits=1: that's why maldet is not quarantining anything.

    And rescan.
    I suggest cxs as well, an excellent cheap tool for scanning and quarantining files when users upload viruses.
    Try ClamAV as well to find PHP shells.
     
  8. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Have you tried an lsof on the IP to see the results? If you see the results, you should then possibly be able to backtrack what is running the process that is causing the issue. Here's how you could do it:

    Code:
    lsof -Pni | grep 133.65.12.255
    This should show you definitively what service is running for that connection. For example, on my machine when I check my connection to the server, it has:

    Code:
    root@host [~]# lsof -Pni | grep 208.74.121.102
    sshd 15538 root 3u IPv6 504739441 TCP 208.74.124.109:22->208.74.121.102:8650 (ESTABLISHED)
     
  9. tquang

    tquang Member

    Wow, if the server you manage never runs a service that uses UDP, you can "blackhole" it:

    Code:
    for DNS in 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220; do iptables -t nat -A PREROUTING -p udp ! -s "$DNS" -j REDIRECT --to-ports 9; done
    => Why REDIRECT --to-ports 9?

    You can search for documentation on the xinetd discard service or netcat.
    So, to keep it simple, use netcat:
    Code:
    yum install nc -y
    nc -vv -u -l 9 > /dev/null &
     