[Dshield] TCP 14921 to 8247

James C. Slora Jr. Jim.Slora at phra.com
Wed Jun 4 02:55:38 GMT 2003


Anyone have a clue what usually comes from TCP 14921 and targets 8247?

I'm getting accelerating probes on one system. First probe was May 17.
Multiple addresses are probing, with one primary prober. No packet
captures - just perimeter port logs.

Is this the bot du jour, or a cable modem exploit attempt, or what?

A few have source port other than 14921, but that port accounts for the
overwhelming majority. Maybe 14921 to 8247 is peer to peer between bots and
other source ports indicate control connections from masters.

Probers:
U.S. Postal Service (the primary prober)
Rogers (CA) roadrunner cable modem user
Primus (CA) cable modem user
CATV.net (JP) cable modem user
BrasilTelecom (BR) DSL user
ATTBi (US) user
PacBell (US) DSL user
Telia (SE) user
Mindspring (US) cable modem user
Proxad (FR) DSL user


Times are GMT -4:00

2003/05/17  00:04:19.48  56.107.36.11  14921  myhost  8247
2003/05/19  14:01:41.84  82.64.195.116  1025  myhost  8247
2003/05/19  18:30:17.13  56.107.36.11  14921  myhost  8247
2003/05/21  18:59:26.41  56.107.36.11  14921  myhost  8247
2003/05/23  16:16:55.21  56.107.36.11  14921  myhost  8247
2003/05/23  20:38:15.56  56.107.36.11  14921  myhost  8247
2003/05/24  07:49:08.17  56.107.36.11  14921  myhost  8247
2003/05/24  14:31:38.61  56.107.36.11  14921  myhost  8247
2003/05/24  17:50:15.71  56.107.36.11  14921  myhost  8247
2003/05/25  02:41:47.95  56.107.36.11  14921  myhost  8247
2003/05/26  02:39:44.18  56.107.36.11  14921  myhost  8247
2003/05/26  07:06:07.48  56.107.36.11  14921  myhost  8247
2003/05/26  23:02:18.40  56.107.36.11  14921  myhost  8247
2003/05/27  12:30:56.23  56.107.36.11  14921  myhost  8247
2003/05/27  21:17:46.49  56.107.36.11  14921  myhost  8247
2003/05/28  02:31:24.82  56.107.36.11  14921  myhost  8247
2003/05/28  12:24:56.23  56.107.36.11  14921  myhost  8247
2003/05/28  13:46:04.63  56.107.36.11  14921  myhost  8247
2003/05/28  15:00:01.95  56.107.36.11  14921  myhost  8247
2003/05/28  18:43:11.41  56.107.36.11  14921  myhost  8247
2003/05/28  23:47:10.80  56.107.36.11  14921  myhost  8247
2003/05/29  04:39:42.20  56.107.36.11  14921  myhost  8247
2003/05/29  04:58:09.70  56.107.36.11  14921  myhost  8247
2003/05/29  07:56:19.43  56.107.36.11  14921  myhost  8247
2003/05/29  09:00:39.27  56.107.36.11  14921  myhost  8247
2003/05/29  11:07:52.60  56.107.36.11  14921  myhost  8247
2003/05/29  12:40:16.37  56.107.36.11  14921  myhost  8247
2003/05/29  14:27:12.09  69.22.25.16  14921  myhost  8247
2003/05/29  18:08:41.32  56.107.36.11  14921  myhost  8247
2003/05/29  21:59:06.66  56.107.36.11  14921  myhost  8247
2003/05/29  22:17:24.41  56.107.36.11  14921  myhost  8247
2003/05/30  01:26:53.82  56.107.36.11  14921  myhost  8247
2003/05/30  03:10:23.02  56.107.36.11  14921  myhost  8247
2003/05/30  06:42:59.30  56.107.36.11  14921  myhost  8247
2003/05/30  10:19:58.02  56.107.36.11  14921  myhost  8247
2003/05/30  11:37:45.74  56.107.36.11  14921  myhost  8247
2003/05/30  14:35:02.64  56.107.36.11  14921  myhost  8247
2003/05/31  09:03:16.63  56.107.36.11  14921  myhost  8247
2003/05/31  14:13:04.30  56.107.36.11  14921  myhost  8247
2003/05/31  15:35:22.08  56.107.36.11  14921  myhost  8247
2003/05/31  17:48:16.55  56.107.36.11  14921  myhost  8247
2003/05/31  19:21:41.48  56.107.36.11  14921  myhost  8247
2003/05/31  20:02:41.88  56.107.36.11  14921  myhost  8247
2003/05/31  21:30:20.28  56.107.36.11  14921  myhost  8247
2003/05/31  23:26:38.98  56.107.36.11  14921  myhost  8247
2003/05/31  23:51:48.86  56.107.36.11  14921  myhost  8247
2003/06/01  05:26:42.56  217.209.122.252  47092  myhost  8247
2003/06/01  05:57:50.48  56.107.36.11  14921  myhost  8247
2003/06/01  06:41:13.61  56.107.36.11  14921  myhost  8247
2003/06/01  08:36:10.72  56.107.36.11  14921  myhost  8247
2003/06/01  11:14:43.58  56.107.36.11  14921  myhost  8247
2003/06/01  12:55:24.83  56.107.36.11  14921  myhost  8247
2003/06/01  16:45:11.39  56.107.36.11  14921  myhost  8247
2003/06/01  17:03:21.44  56.107.36.11  14921  myhost  8247
2003/06/01  19:47:48.17  56.107.36.11  14921  myhost  8247
2003/06/01  19:56:27.27  56.107.36.11  14921  myhost  8247
2003/06/01  21:33:26.70  56.107.36.11  14921  myhost  8247
2003/06/01  22:52:12.38  56.107.36.11  14921  myhost  8247
2003/06/02  00:51:43.70  56.107.36.11  14921  myhost  8247
2003/06/02  03:29:49.95  56.107.36.11  14921  myhost  8247
2003/06/02  05:10:09.73  56.107.36.11  14921  myhost  8247
2003/06/02  05:41:35.56  56.107.36.11  14921  myhost  8247
2003/06/02  05:45:25.67  56.107.36.11  14921  myhost  8247
2003/06/02  07:14:54.75  56.107.36.11  14921  myhost  8247
2003/06/02  11:23:57.36  56.107.36.11  14921  myhost  8247
2003/06/02  11:50:47.41  56.107.36.11  14921  myhost  8247
2003/06/02  12:22:03.09  56.107.36.11  14921  myhost  8247
2003/06/02  13:30:26.05  56.107.36.11  14921  myhost  8247
2003/06/02  13:54:26.07  56.107.36.11  14921  myhost  8247
2003/06/02  14:07:29.40  56.107.36.11  14921  myhost  8247
2003/06/02  14:36:11.17  67.118.16.244  14921  myhost  8247
2003/06/02  15:14:11.01  56.107.36.11  14921  myhost  8247
2003/06/02  15:55:02.78  56.107.36.11  14921  myhost  8247
2003/06/02  16:15:00.97  56.107.36.11  14921  myhost  8247
2003/06/02  17:12:02.84  56.107.36.11  14921  myhost  8247
2003/06/02  19:20:08.88  56.107.36.11  14921  myhost  8247
2003/06/02  19:46:20.53  56.107.36.11  14921  myhost  8247
2003/06/02  22:30:22.22  24.99.140.34  14921  myhost  8247
2003/06/02  23:18:58.66  56.107.36.11  14921  myhost  8247
2003/06/03  01:38:21.14  56.107.36.11  14921  myhost  8247
2003/06/03  03:43:17.98  56.107.36.11  14921  myhost  8247
2003/06/03  05:05:15.61  56.107.36.11  14921  myhost  8247
2003/06/03  06:03:31.37  56.107.36.11  14921  myhost  8247
2003/06/03  07:34:34.87  56.107.36.11  14921  myhost  8247
2003/06/03  08:18:45.57  56.107.36.11  14921  myhost  8247
2003/06/03  08:31:05.03  56.107.36.11  14921  myhost  8247
2003/06/03  09:12:29.26  56.107.36.11  14921  myhost  8247
2003/06/03  10:21:44.75  56.107.36.11  14921  myhost  8247
2003/06/03  10:43:55.12  200.163.63.38  1025  myhost  8247
2003/06/03  10:45:18.64  56.107.36.11  14921  myhost  8247
2003/06/03  11:28:08.15  56.107.36.11  14921  myhost  8247
2003/06/03  11:50:35.98  219.109.125.150  14921  myhost  8247
2003/06/03  11:54:40.64  56.107.36.11  14921  myhost  8247
2003/06/03  13:03:28.53  56.107.36.11  14921  myhost  8247
2003/06/03  13:33:23.90  207.112.62.30  14921  myhost  8247
2003/06/03  13:56:55.18  56.107.36.11  14921  myhost  8247
2003/06/03  14:16:28.14  56.107.36.11  14921  myhost  8247
2003/06/03  14:56:17.12  56.107.36.11  14921  myhost  8247
2003/06/03  15:11:38.64  205.251.214.254  14921  myhost  8247
2003/06/03  15:12:08.81  56.107.36.11  14921  myhost  8247
2003/06/03  15:47:00.95  56.107.36.11  14921  myhost  8247
2003/06/03  16:35:09.98  56.107.36.11  14921  myhost  8247
2003/06/03  17:15:53.39  56.107.36.11  14921  myhost  8247
2003/06/03  17:53:34.34  56.107.36.11  14921  myhost  8247
2003/06/03  21:46:53.86  56.107.36.11  14921  myhost  8247





More information about the list mailing list