From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.43) id 1DqtoJ-0000CL-Gu for garchives@archives.gentoo.org; Fri, 08 Jul 2005 14:26:36 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.4/8.13.4) with SMTP id j68EOgqS031559; Fri, 8 Jul 2005 14:24:42 GMT Received: from mail.thompsonmike.co.uk (thompsonmike.plus.com [212.159.25.17]) by robin.gentoo.org (8.13.4/8.13.4) with ESMTP id j68EJobZ006459 for ; Fri, 8 Jul 2005 14:19:51 GMT Received: from pherkab.thompsonmike.co.uk (pherkab.thompsonmike.co.uk [192.168.1.14]) by mail.thompsonmike.co.uk (Postfix) with ESMTP id 13714B34D3 for ; Fri, 8 Jul 2005 17:37:36 +0100 (BST) From: Michael Thompson Organization: My own little world To: gentoo-user@lists.gentoo.org Subject: [gentoo-user] 161 UDP Constant Connections Date: Fri, 8 Jul 2005 15:16:46 +0100 User-Agent: KMail/1.7.2 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart2464971.1TN9hYzF6x"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200507081516.52836.mike@thompsonmike.co.uk> X-Virus-Scanned: by amavisd-new at thompsonmike.co.uk X-Archives-Salt: 75d42dcb-0c57-43e6-8f90-da138de0a7bd X-Archives-Hash: 96d04afbb35c540c21379a40819458d1 --nextPart2464971.1TN9hYzF6x Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline This IP 212.56.68.108 has been attempting to contact Port 161 UDP for Months. No when I try and run a NMAP scan against the box, I get my own logs filled with the NMAP Scan. It is like 212.56.68.108 is mirroring to my IP Space. And I dont Understand why! The connecting IP is in my ISP range, however it has no rDNS which the ISP would do according to their technical support. It maps back to hugeglobal.net I'm not entirely sure it is a customer's machine, even though it is within the ISP IP range. It's rDNS shows it is hugeglobal.net. =20 The odd thing to me, is if one does a lookup on hugeglobal.net one gets 82.103.128.2 and the rDNS of that is e82-103-128-2s.easyspeedy.com Not one of the local ISP I am using.=20 Telnetting to the IP gives this: Telnet 212.56.68.108 connects giving... _ _ _ ___ | |_ _ __ _ __ ___ __ _ _ ()_ __ ___ __| | / _ \| __| '_ \ | '__/ _ \/ _` | | | | | '__/ _ \/ _` | | (_) | |_| |_) | | | | __/ (_| | |_| | | | | __/ (_| | \___/ \__| .__/ |_| \___|\__, |\__,_|_|_| \___|\__,_| |_| |_| If you do not have a CMN registered OTP device you will not be able to login. OTP USERS: THIS CONNECTION IS NOT ENCRYPTED, BE SMART larabee login: Any one got any ideas? =2D-=20 Mike To see the world in a grain of sand, and to see heaven in a wild flower, hold infinity in the palm of your hands, and eternity in an hour. GnuGPG KeyID:=3DFC0D8D9A --nextPart2464971.1TN9hYzF6x Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQBCzorUl0tLAvwNjZoRApmiAJ4slQDRVnqZYawxQSF2DgBsGikp4QCaApe+ CnO/G3AadvP3W+bny//XBzc= =z9sk -----END PGP SIGNATURE----- --nextPart2464971.1TN9hYzF6x-- -- gentoo-user@gentoo.org mailing list