[Dshield] Ports 27015, 55000, 6881, 7008 and 65534

stu secmail at patchsupplier.dyndns.org
Thu Jan 5 18:16:52 GMT 2006


Ok, it removed HTML, this is a log excerpt.

Src IP		SrcPort	Time		DestIP		DestPor Proto
61.233.40.206	46571	05/01/2006 13:23	212.57.230.10	4257
UDP
61.233.40.206	41911	05/01/2006 13:10	212.57.230.10	4257
UDP
61.233.40.206	52056	05/01/2006 05:55	212.57.230.10	4257
UDP
61.233.40.206	44435	05/01/2006 05:33	212.57.230.10	1031
UDP
61.233.40.206	36527	04/01/2006 22:46	212.57.230.10	4257
UDP
61.233.40.206	36663	04/01/2006 21:29	212.57.230.10	4257
UDP
61.233.40.206	43957	04/01/2006 15:25	212.57.230.10	4257
UDP
61.233.40.206	47738	04/01/2006 14:20	212.57.230.10	4257
UDP
61.233.40.206	43576	04/01/2006 07:49	212.57.230.10	1031
UDP
61.233.40.206	43576	04/01/2006 07:49	212.57.230.10	1030
UDP
61.233.40.206	43576	04/01/2006 07:49	212.57.230.10	1028
UDP
61.233.40.206	44830	04/01/2006 06:35	212.57.230.10	1030
UDP
61.233.40.206	44830	04/01/2006 06:35	212.57.230.10	1031
UDP

Most of the traffic I'm seeing the source address originates in China. I
haven't checked all but the ones I have appear to be from there. 



More information about the list mailing list