When I see unwanted probing from an address (or network) I just use
ipfwadm to drop ALL packets from that source.
Carric Dooley
COM2:Interactive Media
http://www.com2usa.com
On Wed, 30 Jun 1999, Philip Rueegsegger wrote:
> Hello cracks
>
> For a few days (weeks already) we have noticed lots of tcp probes to port 4357
> always from the same source address (204.92.55.110):
>
> 5 probe(s) under 1 minutes from: 204.92.55.110 on port: 4357 at Wed Jun 30 11:18:24 1999
>
> rule  protocol  port        time
> ----  --------  ----------  ----
> 1     6 (tcp)   4357 ( ? )  Wed Jun 30 11:14:20 1999
> 2     6 (tcp)   4357 ( ? )  Wed Jun 30 11:15:21 1999
> 3     6 (tcp)   4357 ( ? )  Wed Jun 30 11:16:22 1999
> 4     6 (tcp)   4357 ( ? )  Wed Jun 30 11:17:23 1999
> 5     6 (tcp)   4357 ( ? )  Wed Jun 30 11:18:24 1999
>
>
> A PTR lookup with this ip address tells me the url web2.tor.accglobal.net.
> After digging for ip address and domain name I found the following:
>
> UUNET Canada Inc. (NETBLK-UUNET-1) UUNET-1 204.92.0.0 - 204.92.255.0
> Internex Online Inc. (NETBLK-IO-NET7) IO-NET7 204.92.48.0 - 204.92.55.255
>
> Registrant:
> ACC Long Distance (ACCGLOBAL2-DOM)
> 400 West Ave
> Rochester NY, NY 14534
> US
> Domain Name: ACCGLOBAL.NET
> Administrative Contact, Technical Contact, Zone Contact:
> Administration, Dns (DA502) [EMAIL PROTECTED]
> +1 416 236 3636 (FAX) +1 416 207 7123
>
> I've already sent complaining mails to [EMAIL PROTECTED], [EMAIL PROTECTED],
> [EMAIL PROTECTED] and [EMAIL PROTECTED], but nothing happened. The
> probes still go on.
>
> Has anybody an idea of the purpose of the port 4357 and of what I could do
> against these probes ?
>
> Thanks very much for your help !
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
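An added example, not part of either post: one way to turn alert lines in the format quoted above into ipfwadm deny rules for repeat sources. The threshold, the NEVER_BLOCK list and every sample line after the first are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Alert line format as quoted in the post above.
ALERT_RE = re.compile(
    r"(?P<count>\d+) probe\(s\) under \d+ minutes? from: (?P<src>\S+) on port: \d+")

# Constructed sample: line 1 is the alert quoted in the post, the rest are made up.
SAMPLE_ALERTS = """\
5 probe(s) under 1 minutes from: 204.92.55.110 on port: 4357 at Wed Jun 30 11:18:24 1999
5 probe(s) under 1 minutes from: 204.92.55.110 on port: 4357 at Wed Jun 30 11:24:31 1999
2 probe(s) under 1 minutes from: 192.0.2.7 on port: 23 at Wed Jun 30 11:30:02 1999
12 probe(s) under 1 minutes from: 10.0.0.1 on port: 53 at Wed Jun 30 11:31:10 1999
3 probe(s) under 1 minutes from: 999.1.1.1;reboot on port: 80 at Wed Jun 30 11:32:00 1999
"""

# Assumption: networks that must never be blocked (own gateway, DNS), because a
# spoofed source address could otherwise trick the filter into cutting them off.
NEVER_BLOCK = [ipaddress.ip_network("10.0.0.0/8")]

def tally_probes(text):
    """Return {IPv4 source address: total probes}, skipping malformed sources."""
    totals = defaultdict(int)
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue
        try:
            src = ipaddress.IPv4Address(m.group("src"))
        except ValueError:
            continue  # never let unvalidated log text reach a shell command
        totals[src] += int(m.group("count"))
    return dict(totals)

def block_rules(totals, threshold=10):
    """Build ipfwadm input-chain deny rules for sources at or over threshold."""
    rules = []
    for src, count in sorted(totals.items()):
        if count < threshold or any(src in net for net in NEVER_BLOCK):
            continue
        # -I: input chain; -i: insert at the head, ahead of any accept rule
        rules.append(f"ipfwadm -I -i deny -S {src}/32 -D 0.0.0.0/0")
    return rules

if __name__ == "__main__":
    print("\n".join(block_rules(tally_probes(SAMPLE_ALERTS))))
```
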