From: Michael Thompson <mike@thompsonmike.co.uk>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] 161 UDP Constant Connections
Date: Fri, 8 Jul 2005 15:46:42 +0100
Message-ID: <200507081546.44691.mike@thompsonmike.co.uk>
In-Reply-To: <42CE8E7B.3050606@igoe.me.uk>

On Friday 08 July 2005 15:32, Tim Igoe wrote:
> Michael Thompson wrote:
> > This IP 212.56.68.108 has been attempting to contact Port 161 UDP for
> > Months.
>
> Are you running SNMP on your box? Port 161 is SNMP, if you have it open
> to the outside world, could it be collecting data - hence often
> connections?
Nope. It is closed off and I don't have SNMP running.
>
> > Now when I try and run a NMAP scan against the box, I get my own logs
> > filled with the NMAP Scan. It is like 212.56.68.108 is mirroring to my IP
> > Space. And I don't understand why!
> >
> > The connecting IP is in my ISP range, however it has no rDNS which the
> > ISP would do according to their technical support. It maps back to
> > hugeglobal.net
>
> Contact your ISP's support department - see if they can help at all?
Have done, they are looking into it, but they admit it is strange and have no
clue.
>
> > I'm not entirely sure it is a customer's machine, even though it is
> > within the ISP IP range. Its rDNS shows it is
> >
> > hugeglobal.net.
> >
> > The odd thing to me, is if one does a lookup on hugeglobal.net one gets
> >
> > 82.103.128.2 and the rDNS of that is
> >
> > e82-103-128-2s.easyspeedy.com
>
> Possible the original hugeglobal.net machine has since changed ISPs but
> the old IP has been re-assigned without the rDNS entry being changed?
>
That is possible, but the ISP says they are still in control of the subnet.
> > Anyone got any ideas?
>
> you could just try blackholing the IP at your firewall, or as I've
> already mentioned - try and contact your ISP with all you know and see
> if they can shed any light on it - it's possibly a compromised box.
It is firewalled, and blacklisted. Has been for months. I am just curious as
to why it is coming back to me.
--
Mike
To see the world in a grain of sand,
and to see heaven in a wild flower,
hold infinity in the palm of your hands,
and eternity in an hour.
GnuGPG KeyID:=FC0D8D9A
--
gentoo-user@gentoo.org mailing list