| 1 |
On Friday 08 July 2005 15:32, Tim Igoe wrote: |
| 2 |
> Michael Thompson wrote: |
| 3 |
> > This IP 212.56.68.108 has been attempting to contact Port 161 UDP for |
| 4 |
> > Months. |
| 5 |
> |
| 6 |
> Are you running SNMP on your box? Port 161 is SNMP, if you have it open |
| 7 |
> to the outside world, could it be collecting data - hence often |
| 8 |
> connections? |
| 9 |
|
| 10 |
Nope. It is closed off and I dont have SNMP running. |
| 11 |
|
| 12 |
> |
| 13 |
> > No when I try and run a NMAP scan against the box, I get my own logs |
| 14 |
> > filled with the NMAP Scan. It is like 212.56.68.108 is mirroring to my IP |
| 15 |
> > Space. And I dont Understand why! |
| 16 |
> > |
| 17 |
> > The connecting IP is in my ISP range, however it has no rDNS which the |
| 18 |
> > ISP would do according to their technical support. It maps back to |
| 19 |
> > hugeglobal.net |
| 20 |
> |
| 21 |
> Contact your ISPs support department - see if they can help at all? |
| 22 |
|
| 23 |
Have done, they are looking into it, but they admit it is strange and have no |
| 24 |
clue. |
| 25 |
|
| 26 |
> |
| 27 |
> > I'm not entirely sure it is a customer's machine, even though it is |
| 28 |
> > within the ISP IP range. It's rDNS shows it is |
| 29 |
> > |
| 30 |
> > hugeglobal.net. |
| 31 |
> > |
| 32 |
> > The odd thing to me, is if one does a lookup on hugeglobal.net one gets |
| 33 |
> > |
| 34 |
> > 82.103.128.2 and the rDNS of that is |
| 35 |
> > |
| 36 |
> > e82-103-128-2s.easyspeedy.com |
| 37 |
> |
| 38 |
> Possible the original hugeglobal.net machine has since changed ISPs but |
| 39 |
> the old IP has been re-assigned without the rDNS entry being changed? |
| 40 |
> |
| 41 |
|
| 42 |
That is possible, but the ISP says they are still in control of the subnet. |
| 43 |
|
| 44 |
> > Any one got any ideas? |
| 45 |
> |
| 46 |
> you could just try blackholing the IP at your firewall, or as i've |
| 47 |
> already mentioned - try and contact your ISP with all you know and see |
| 48 |
> if htey can shed any light on it - its possible a comprimised box. |
| 49 |
|
| 50 |
It is firewalled, and blacklisted. Has been for months. I am just curious as |
| 51 |
to why it is coming back to me. |
| 52 |
|
| 53 |
-- |
| 54 |
Mike |
| 55 |
|
| 56 |
To see the world in a grain of sand, |
| 57 |
and to see heaven in a wild flower, |
| 58 |
hold infinity in the palm of your hands, |
| 59 |
and eternity in an hour. |
| 60 |
|
| 61 |
GnuGPG KeyID:=FC0D8D9A |
| 62 |
-- |
| 63 |
gentoo-user@g.o mailing list |
Archives