27015 probe increase??

From: cg (cg.meat_private)
Date: Tue Jul 10 2001 - 12:10:38 PDT

Next message: Blake Frantz: "Re: Unicode Logs with Ping Activity"

Previous message: myrddin_eat_private: "Re: Unicode Logs with Ping Activity"
In reply to: Jordan K Wiens: "Re: Unicode Logs with Ping Activity"
Next in thread: bhc2at_private: "Re: 27015 probe increase??"
Next in thread: Blake Frantz: "Re: Unicode Logs with Ping Activity"
Next in thread: myrddin_eat_private: "Re: Unicode Logs with Ping Activity"
Reply: bhc2at_private: "Re: 27015 probe increase??"
Reply: mstockdaat_private: "Re: 27015 probe increase??"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi All,
I've seen increased activity on port 27015. In the last half hour I've
gotten the following probes. I'm just a lowley dsl user, not even pingable
from outside.
Just thought it was strange. Anyone else seeing this?
The following are log entries from 2 minutes time, all unique sources only.
If anyone would like to see the whole log from the last half hour or so let
me know.
I'm going to shut down for a bit, just in case.
Thanks in advance for any ideas

cg

Date: 7/10/2001 Time: 14:37:51
Rule "gather" blocked (64.223.148.27,27015).  Details:
Inbound UDP packet
Local address,service is (64.223.148.27,27015)
Remote address,service is (24.24.150.52,2756)
we-24-24-150-52.we.mediaone.net
Process name is "N/A"


Date: 7/10/2001 Time: 14:37:50
Rule "gather" blocked (64.223.148.27,27015).  Details:
Inbound UDP packet
Local address,service is (64.223.148.27,27015)
Remote address,service is (203.73.101.81,2077)        SEEDNET
     Process name is "N/A"
descr:       Digital United Inc.

descr:       9F, No. 125, Song Jiang Road

descr:       Taipei, Taiwan



Date: 7/10/2001 Time: 14:37:43
Rule "gather" blocked (64.223.148.27,27015).  Details:
Inbound UDP packet
Local address,service is (64.223.148.27,27015)
Remote address,service is (217.81.88.127,2026)        Deutsche Telekom AG,
Internet service provider
Process name is "N/A"                                                DE

Date: 7/10/2001 Time: 14:37:42
Rule "gather" blocked (64.223.148.27,27015).  Details:
Inbound UDP packet
Local address,service is (64.223.148.27,27015)
Remote address,service is (61.221.178.65,2832)            Data Communication
Business Group, Chunghwa Telecom Co., Ltd.
   Process name is "N/A"
descr:       Commerical ISP

descr:       21, Section 1, Hsin-Yi Road, Taipei,

descr:       Taipei 100, Taiwan, R.O.C.


Date: 7/10/2001 Time: 14:36:59
Rule "1025" blocked (64.223.148.27,http).  Details:
Inbound TCP connection
Local address,service is (64.223.148.27,http)
Remote address,service is (216.205.189.219,4692)            Interliant
(NET-ILNT-216-205-0)
 Process name is "N/A"
Two Manhattanville Road

Purchase, NY 10577

US



Date: 7/10/2001 Time: 14:36:52
Rule "gather" blocked (64.223.148.27,27015).  Details:
Inbound UDP packet
Local address,service is (64.223.148.27,27015)
Remote address,service is (194.229.103.215,2538)          H. Ozcinar
 Process name is "N/A"
address:      UCC

address:      Postbus 1357

address:      NL-3430 BJ  Nieuwengein

address:      The Netherlands



Date: 7/10/2001 Time: 14:36:17
Rule "gather" blocked (64.223.148.27,27015).  Details:
Inbound UDP packet
Local address,service is (64.223.148.27,27015)
Remote address,service is (24.250.96.93,22952
ci170011-a.athen1.ga.home.com
Process name is "N/A"

Date: 7/10/2001 Time: 14:36:17
Rule "gather" blocked (64.223.148.27,27015).  Details:
Inbound UDP packet
Local address,service is (64.223.148.27,27015)
Remote address,service is (65.81.53.244,22952)
adsl-81-53-244.asm.bellsouth.net
Process name is "N/A"

Date: 7/10/2001 Time: 14:36:17
Rule "gather" blocked (64.223.148.27,27015).  Details:
Inbound UDP packet
Local address,service is (64.223.148.27,27015)
Remote address,service is (205.244.188.34,22952)            master.kali.net
Process name is "N/A"

Date: 7/10/2001 Time: 14:36:05
Rule "gather" blocked (64.223.148.27,27015).  Details:
Inbound UDP packet
Local address,service is (64.223.148.27,27015)
Remote address,service is (61.216.80.123,2728)
61-216-80-123.HINET-IP.hinet.net
Process name is "N/A"

Date: 7/10/2001 Time: 14:35:25
Rule "gather" blocked (64.223.148.27,27015).  Details:
Inbound UDP packet
Local address,service is (64.223.148.27,27015)
Remote address,service is (210.200.95.67,2101)            APOL
 Process name is "N/A"
descr:       Asia Pacific Online Services Inc

descr:       Internet Service Provider

country:     TW



Date: 7/10/2001 Time: 14:35:02
Rule "gather" blocked (64.223.148.27,27015).  Details:
Inbound UDP packet
Local address,service is (64.223.148.27,27015)
Remote address,service is (202.129.233.23,1914)
tp233023.seeder.net
Process name is "N/A"




----------------------------------------------------------------------------


This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see:

http://aris.securityfocus.com

Next message: Blake Frantz: "Re: Unicode Logs with Ping Activity"
Previous message: myrddin_eat_private: "Re: Unicode Logs with Ping Activity"
In reply to: Jordan K Wiens: "Re: Unicode Logs with Ping Activity"
Next in thread: bhc2at_private: "Re: 27015 probe increase??"
Next in thread: Blake Frantz: "Re: Unicode Logs with Ping Activity"
Next in thread: myrddin_eat_private: "Re: Unicode Logs with Ping Activity"
Reply: bhc2at_private: "Re: 27015 probe increase??"
Reply: mstockdaat_private: "Re: 27015 probe increase??"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jul 11 2001 - 13:25:55 PDT