On Friday 08 July 2005 15:32, Tim Igoe wrote:
> Michael Thompson wrote:
> > This IP 212.56.68.108 has been attempting to contact Port 161 UDP for
> > Months.
>
> Are you running SNMP on your box? Port 161 is SNMP, if you have it open
> to the outside world, could it be collecting data - hence often
> connections?

Nope. It is closed off and I don't have SNMP running.

> > No when I try and run a NMAP scan against the box, I get my own logs
> > filled with the NMAP Scan. It is like 212.56.68.108 is mirroring to my IP
> > Space. And I don't understand why!
> >
> > The connecting IP is in my ISP range, however it has no rDNS which the
> > ISP would do according to their technical support. It maps back to
> > hugeglobal.net
>
> Contact your ISP's support department - see if they can help at all?

Have done, they are looking into it, but they admit it is strange and have no clue.

> > I'm not entirely sure it is a customer's machine, even though it is
> > within the ISP IP range. Its rDNS shows it is
> >
> > hugeglobal.net.
> >
> > The odd thing to me, is if one does a lookup on hugeglobal.net one gets
> >
> > 82.103.128.2 and the rDNS of that is
> >
> > e82-103-128-2s.easyspeedy.com
>
> Possible the original hugeglobal.net machine has since changed ISPs but
> the old IP has been re-assigned without the rDNS entry being changed?

That is possible, but the ISP says they are still in control of the subnet.

> > Any one got any ideas?
>
> you could just try blackholing the IP at your firewall, or as I've
> already mentioned - try and contact your ISP with all you know and see
> if they can shed any light on it - it's possibly a compromised box.

It is firewalled, and blacklisted. Has been for months. I am just curious as to why it is coming back to me.

--
Mike
To see the world in a grain of sand, and to see heaven in a wild flower,
hold infinity in the palm of your hands, and eternity in an hour.
GnuGPG KeyID:=FC0D8D9A

