[Dshield] What is the fun of this? Daily 70 packets to 1026 and 1027

Freek de Kruijf f.de.kruijf at hetnet.nl
Mon Mar 28 12:00:50 GMT 2005


I have at home an ADSL connection with one permanent IP-address. My 
system is always online. Since about a month and a half I get daily 
about 70 UDP packages to the ports 1026 and 1027 from one IP-address 
61.172.244.159 (Shanghai, China). These packages are dropped by the 
firewall in my Linux box. I examened the content once with tcpdump and 
ethereal and the content showed some advertisement of a website; forgot 
what it was about. Naturally I complained at the mail address 
associated with the IP-address, wanglin at shaidc.com, but this turned out 
to be a non-existing address, however abuse at shaidc.com seemed to exist, 
however no reaction.

I wonder why anybody keeps "pounding" my IP-address so consistently and 
what the fun is of this type of "attack".

-- 
fr.gr.

Freek



More information about the list mailing list