[Dshield] Internap

Henry Hertz Hobbit hhhobbit at comcast.net
Thu Mar 24 19:11:08 GMT 2005


On Wed, 2005-03-23 at 12:39, Bob Poortinga wrote:
> "Paul Marsh" <pmarsh at nmefdn.org> reports:
>  
> > 	I've been noticing the following IP's scanning me with the
> > following source ports.
> > 
> > 	206.253.195.6 33435 udp
> > 	206.253.195.10 33436 udp
> > 	206.253.195.14 33437 udp
> > 	206.253.195.18 33438 udp
> > 	206.253.195.26 33440 udp
> ... 
> > 	The question is, what are these scans?
> 
> Probably one of these (or similar) products:
>  <http://www.quova.com/technology/ip-mapping-geopoint.shtml>
>  <http://www.f5.com/f5products/products/bigip/index.html>
> 
> There are a number of products like these that use traceroutes for geolocation
> or path optimization.
> 
> USA Today uses (or used at one time) one of these products or something similar.
> Try browsing <www.usatoday.com> and watch the traceroutes come flying in.

This is pnap.net that is doing the scanning for load balancing.  They
also perform it for Comcast and other ISPs. etc.  It is nothing to be
concerned about, but I did notice that every time they started up, the
worm ridden machines began spewing lots more packets.

HHH
-- 
Key Name:  "Henry Hertz Hobbit" <hhhobbit at comcast.net>
pub   1024D/1CC23BC0 2005-03-08 [expires: 2006-03-08]
Key fingerprint = 9CD0 839E 79C9 5E20 B97A 15A6 9AB7 484D 1CC2 3BC0





More information about the list mailing list