[Dshield] What is the fun of this? Daily 70 packets to 1026 and1027

Jim Clements jwclements at execulink.com
Thu Mar 31 10:23:14 GMT 2005


I had only one today, total of 170 since Feb. 26th so far, from:
-------------------------------------------------
inetnum:      61.172.244.158 - 61.172.244.166
netname:      NULL
descr:       null
country:      CN
admin-c:      WQ58-AP
tech-c:       WL371-AP
mnt-by:       MAINT-CHINANET-SH
changed:      wanglin at shaidc.com 20040628
status:       ASSIGNED NON-PORTABLE
source:       APNIC

person:       Wang Qing
address:      6F,380 Fushan Road,Shanghai   200122
country:      CN
phone:        +86-21-68761255-807
fax-no:       +86-21-68761255-805
e-mail:       wanglin at shaidc.com
nic-hdl:      WQ58-AP
mnt-by:       MAINT-CN-SHTELE-XINCHAN
changed:      wanglin at shaidc.com 20021007
source:       APNIC

person:       Wang Lin
address:      6F,380 Fushan Road,Shanghai   200122
country:      CN
phone:        +86-21-68761255-807
fax-no:       +86-21-68761255-805
e-mail:       wanglin at shaidc.com
nic-hdl:      WL371-AP
mnt-by:       MAINT-CN-SHTELE-XINCHAN
changed:      wanglin at shaidc.com 20021007
source:       APNIC

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org]On Behalf Of Jonathan C. Webster
Sent: Wednesday, March 30, 2005 17:34 PM
To: General DShield Discussion List
Subject: Re: [Dshield] What is the fun of this? Daily 70 packets to 1026
and1027




jayjwa wrote:
>
> On Mon, 28 Mar 2005, Freek de Kruijf wrote:
>
> -> Since about a month and a half I get daily -> about 70 UDP packages
> to the ports 1026 and 1027 from one IP-address -> 61.172.244.159
> (Shanghai, China).
>
Hello,
I see a few too from the same place.  ds.log is my accumulated firewall logs
for dshield.

$ tail -10000 ds.log| grep "61.172.244.159"| cut -f4,7| sort -n|uniq -c
     573 61.172.244.159  1026
     172 61.172.244.159  1027
$ tail -10000 ds.log|head -1| cut -f1
2005-02-06 22:15:50 -05:00
$

Jonathan
-------------- Sponsor Message ------------------------------------
Join us at SANSFIRE 2005 in Atlanta!
The Internet Storm Center Conference.
Details: http://www.sans.org/sansfire2005

_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list