[Dshield] Scans on port 3659?
brblueser at uol.com.br
Sun Nov 10 17:04:40 GMT 2002
usually, I get the same IP (22.214.171.124), but sometimes DHCP assigns
me a different one (right now it is 126.96.36.199). So, to make a long
story short, yes, it is dynamic.
This (using the IP of a former game server) would indeed be a reasonable
explanation for all this probing. I will try rejecting these connections
with tcp-reset to see what happens.
... or maybe I won't: it's been almost two days already port 3659
remains calm on my machine. Maybe whatever was happening ended, for some
reason (maybe dsl.telesp.net.br admin read my msg and took same action).
I will keep my eyes opened, though.
Thks again for the insights.
On Sun, 10 Nov 2002 07:01:06 -0600
"Ed Truitt" <ed.truitt at etee2k.net> wrote:
> It might. Just curious, are you on a dynamic IP address, or a static
> one? Quite often, we find here that if you are on a dynamic IP, when
> your address changes you start getting "probed" by machines trying to
> re-connect to services (P2P, games, etc.) provided by the previous
> holder of the IP. No malicious hacktivity, no sneaky attacks, just
> good old cruft...
> Ed Truitt
> PGP fingerprint: 5368 D25E 468C A250 9833 CCD6 DBAE 9C25 02F9 0AB9
> "Note to spammers: my 'delete' key is connected to YOUR ISP.
> Also, if you send me UCE, I reserve the right to post your spew
> on my Web site, with the appropriate color commentary, so that
> others may have a good laugh at your expense."
> ----- Original Message -----
> From: "Andre Costa" <brblueser at uol.com.br>
> To: <list at dshield.org>
> Sent: Saturday, November 09, 2002 10:39 AM
> Subject: Re: [Dshield] Scans on port 3659?
> > Ahhh... "live and learn" ;) Sorry for the paranoia... those
> > networking classes took place too long ago, think I'd better review
> > a few concepts;)
> > I had done a reverse lookup on the IP which linked it to this
> > dsl.telesp.net.br. I even tried to contact them asking for
> > explanations, but am still waiting for a reply.
> > Regarding the connections attempts, would it help if instead of
> > dropping the requests I reject them with tcp-reset?
> > Thks again for the help,
> > Andre
Andre Oliveira da Costa
More information about the list