h00a0cc5d079f.ne.mediaone.net [66.30.136.77] Unresolved: Valid name, no data record of requested type
The first address resolves to what appears to be a MAC addressed DNS name belonging to Mediaone. Second address does not resolve. Hope this is of some value. David M. Brown Director, Information Technology Services S Y N E R G E X <http://www.synergex.com> Office: 916 853-0396 FAX: 916 635-6549 -----Original Message----- From: Kevin Lisciotti [mailto:[EMAIL PROTECTED]] Sent: Friday, December 07, 2001 6:49 AM To: [EMAIL PROTECTED] Subject: Mediaone/AT&T broadband port scans Hi All, Since I can't get anywhere with the AT&T broadband abuse and legal department, I figured I run this by the group. For the past 3-4 months I have been repeatedly port scanned by the following 2 ip addresses 66.30.136.77 and 66.30.136.236 at least 10-20 times a day. I have sent numerous emails including the log files to the legal department asking them if these were legitimate security scans from their security group or just rogue customer accounts. If they are legitimate security scans then I don't have a problem with that, but I've been told by various customer service reps including people in the abuse department that they don't know if they belong to the security group. How can you not know what ip addresses would be connected with the security group? Either way they won't give me an answer or make the scans stop. As you'll see from the log snippet below, the scans are going out to the broadcast address and to the ports 27020/27021 and 10056/10061. The ports never change and I was wondering what they would be looking for. 12/06/2001 21:32:19.112 Port Scan 66.30.136.236, 3837, WAN 255.255.255.255, 27021, LAN 12/06/2001 21:47:13.640 Port Scan 66.30.136.236, 3838, WAN 255.255.255.255, 27020, LAN 12/06/2001 22:02:23.032 Port Scan 66.30.136.77, 1025, WAN 255.255.255.255, 10056, LAN 12/06/2001 22:02:23.032 Port Scan 66.30.136.77, 1025, WAN 255.255.255.255, 10061, LAN I am completely aggravated with the abuse/legal department and was wondering what the group here thought about this. Thanks so much!
