Henry Hertz Hobbit
hhhobbit at comcast.net
Thu Mar 24 19:11:08 GMT 2005
On Wed, 2005-03-23 at 12:39, Bob Poortinga wrote:
> "Paul Marsh" <pmarsh at nmefdn.org> reports:
> > I've been noticing the following IP's scanning me with the
> > following source ports.
> > 188.8.131.52 33435 udp
> > 184.108.40.206 33436 udp
> > 220.127.116.11 33437 udp
> > 18.104.22.168 33438 udp
> > 22.214.171.124 33440 udp
> > The question is, what are these scans?
> Probably one of these (or similar) products:
> There are a number of products like these that use traceroutes for geolocation
> or path optimization.
> USA Today uses (or used at one time) one of these products or something similar.
> Try browsing <www.usatoday.com> and watch the traceroutes come flying in.
This is pnap.net that is doing the scanning for load balancing. They
also perform it for Comcast and other ISPs. etc. It is nothing to be
concerned about, but I did notice that every time they started up, the
worm ridden machines began spewing lots more packets.
Key Name: "Henry Hertz Hobbit" <hhhobbit at comcast.net>
pub 1024D/1CC23BC0 2005-03-08 [expires: 2006-03-08]
Key fingerprint = 9CD0 839E 79C9 5E20 B97A 15A6 9AB7 484D 1CC2 3BC0
More information about the list