Hello cracks
Since a few days (weeks already) we have noticed lots of tcp probes to port 4357
always from the same source address (204.92.55.110):
5 probe(s) under 1 minutes from: 204.92.55.110 on port: 4357 at Wed Jun 30 11:18:24
1999
rule protocol port
time
---- -------- ---------- ----
1 6 (tcp) 4357 ( ? ) Wed
Jun 30 11:14:20 1999
2 6 (tcp) 4357 ( ? ) Wed
Jun 30 11:15:21 1999
3 6 (tcp) 4357 ( ? ) Wed
Jun 30 11:16:22 1999
4 6 (tcp) 4357 ( ? ) Wed
Jun 30 11:17:23 1999
5 6 (tcp) 4357 ( ? ) Wed
Jun 30 11:18:24 1999
A PTR lookup with this ip address tells me the url web2.tor.accglobal.net.
After digging for ip address and domain name I found the following:
UUNET Canada Inc. (NETBLK-UUNET-1) UUNET-1
204.92.0.0 - 204.92.255.0
Internex Online Inc. (NETBLK-IO-NET7) IO-NET7 204.92.48.0 -
204.92.55.255
Registrant:
ACC Long Distance (ACCGLOBAL2-DOM)
400 West Ave
Rochester NY, NY 14534
US
Domain Name: ACCGLOBAL.NET
Administrative Contact, Technical Contact, Zone Contact:
Administration, Dns (DA502) [EMAIL PROTECTED]
+1 416 236 3636 (FAX) +1 416 207 7123
I've already sent complaining mails to [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED] and [EMAIL PROTECTED], but nothing happend. The
probes still go on.
Has anybody an idea of the purpose of the port 4357 and of what I could do
against these probes ?
Thanks very much for your help !
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
