Hi All, I've seen increased activity on port 27015. In the last half hour I've gotten the following probes. I'm just a lowley dsl user, not even pingable from outside. Just thought it was strange. Anyone else seeing this? The following are log entries from 2 minutes time, all unique sources only. If anyone would like to see the whole log from the last half hour or so let me know. I'm going to shut down for a bit, just in case. Thanks in advance for any ideas cg Date: 7/10/2001 Time: 14:37:51 Rule "gather" blocked (64.223.148.27,27015). Details: Inbound UDP packet Local address,service is (64.223.148.27,27015) Remote address,service is (24.24.150.52,2756) we-24-24-150-52.we.mediaone.net Process name is "N/A" Date: 7/10/2001 Time: 14:37:50 Rule "gather" blocked (64.223.148.27,27015). Details: Inbound UDP packet Local address,service is (64.223.148.27,27015) Remote address,service is (203.73.101.81,2077) SEEDNET Process name is "N/A" descr: Digital United Inc. descr: 9F, No. 125, Song Jiang Road descr: Taipei, Taiwan Date: 7/10/2001 Time: 14:37:43 Rule "gather" blocked (64.223.148.27,27015). Details: Inbound UDP packet Local address,service is (64.223.148.27,27015) Remote address,service is (217.81.88.127,2026) Deutsche Telekom AG, Internet service provider Process name is "N/A" DE Date: 7/10/2001 Time: 14:37:42 Rule "gather" blocked (64.223.148.27,27015). Details: Inbound UDP packet Local address,service is (64.223.148.27,27015) Remote address,service is (61.221.178.65,2832) Data Communication Business Group, Chunghwa Telecom Co., Ltd. Process name is "N/A" descr: Commerical ISP descr: 21, Section 1, Hsin-Yi Road, Taipei, descr: Taipei 100, Taiwan, R.O.C. Date: 7/10/2001 Time: 14:36:59 Rule "1025" blocked (64.223.148.27,http). Details: Inbound TCP connection Local address,service is (64.223.148.27,http) Remote address,service is (216.205.189.219,4692) Interliant (NET-ILNT-216-205-0) Process name is "N/A" Two Manhattanville Road Purchase, NY 10577 US Date: 7/10/2001 Time: 14:36:52 Rule "gather" blocked (64.223.148.27,27015). Details: Inbound UDP packet Local address,service is (64.223.148.27,27015) Remote address,service is (194.229.103.215,2538) H. Ozcinar Process name is "N/A" address: UCC address: Postbus 1357 address: NL-3430 BJ Nieuwengein address: The Netherlands Date: 7/10/2001 Time: 14:36:17 Rule "gather" blocked (64.223.148.27,27015). Details: Inbound UDP packet Local address,service is (64.223.148.27,27015) Remote address,service is (24.250.96.93,22952 ci170011-a.athen1.ga.home.com Process name is "N/A" Date: 7/10/2001 Time: 14:36:17 Rule "gather" blocked (64.223.148.27,27015). Details: Inbound UDP packet Local address,service is (64.223.148.27,27015) Remote address,service is (65.81.53.244,22952) adsl-81-53-244.asm.bellsouth.net Process name is "N/A" Date: 7/10/2001 Time: 14:36:17 Rule "gather" blocked (64.223.148.27,27015). Details: Inbound UDP packet Local address,service is (64.223.148.27,27015) Remote address,service is (205.244.188.34,22952) master.kali.net Process name is "N/A" Date: 7/10/2001 Time: 14:36:05 Rule "gather" blocked (64.223.148.27,27015). Details: Inbound UDP packet Local address,service is (64.223.148.27,27015) Remote address,service is (61.216.80.123,2728) 61-216-80-123.HINET-IP.hinet.net Process name is "N/A" Date: 7/10/2001 Time: 14:35:25 Rule "gather" blocked (64.223.148.27,27015). Details: Inbound UDP packet Local address,service is (64.223.148.27,27015) Remote address,service is (210.200.95.67,2101) APOL Process name is "N/A" descr: Asia Pacific Online Services Inc descr: Internet Service Provider country: TW Date: 7/10/2001 Time: 14:35:02 Rule "gather" blocked (64.223.148.27,27015). Details: Inbound UDP packet Local address,service is (64.223.148.27,27015) Remote address,service is (202.129.233.23,1914) tp233023.seeder.net Process name is "N/A" ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Jul 11 2001 - 13:25:55 PDT