On Tue, 10 Jul 2001, cg wrote: > I've seen increased activity on port 27015. In the last half hour I've > gotten the following probes. I'm just a lowley dsl user, not even pingable > from outside. > Rule "gather" blocked (xx.xxx.xxx.xx,27015). Details: Port 27015 is the port used for the game "Half-Life," a First Person Shooter. I doubt you have much to worry about, from the fact that this was a two minute log and judging by the number of hits I would havt to guess that your IP (possibly it is assigned using DHCP?) was listed either online at a webpage or one one of the half life servers as hosting a game. Thus users would insruct their machines to connect to yours, in order to play. The IPs I regonize from the states all appear to be of Cable/DSL origin: > Remote address,service is (24.24.150.52,2756) > we-24-24-150-52.we.mediaone.net > Remote address,service is (24.250.96.93,22952 > ci170011-a.athen1.ga.home.com > Remote address,service is (65.81.53.244,22952) > adsl-81-53-244.asm.bellsouth.net The gaming community is well known as early adopter of Broadband in the pursuit of lower PING times to the server. If in fact your IP is assigned dynamically (DHCP, etc.) then this sounds very familiar to the port 6346 DOS reported last week; 6346 is actually the port used for the GNutella network; where a user with this IP previously had started and "announced"/broadcast services which you do not support. I hope this calms your fears slightly. It is always good to be diligent about security. -B ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Jul 11 2001 - 16:33:55 PDT