Re: 27015 probe increase??

From: mstockdaat_private
Date: Wed Jul 11 2001 - 13:42:30 PDT


    IIRC 27015/udp is used by Quake(/2/3?) and Half-Life game servers (well, I know I remember correctly, I run a Counter-Strike (Half-Life) server, but it might be used for something else too). It's possible, if you have a dynamic IP, that the last user of yours was running a server and people (or GameSpy) still had that IP listed.
    
    Matt
    
    On Tue, Jul 10, 2001 at 03:10:38PM -0400, cg wrote:
    > Hi All,
    > I've seen increased activity on port 27015. In the last half hour I've
    > gotten the following probes. I'm just a lowly DSL user, not even pingable
    > from outside.
    > Just thought it was strange. Anyone else seeing this?
    > The following are log entries from 2 minutes time, all unique sources only.
    > If anyone would like to see the whole log from the last half hour or so let
    > me know.
    > I'm going to shut down for a bit, just in case.
    > Thanks in advance for any ideas
    > 
    > cg
    > 
    > Date: 7/10/2001 Time: 14:37:51
    > Rule "gather" blocked (64.223.148.27,27015).  Details:
    > Inbound UDP packet
    > Local address,service is (64.223.148.27,27015)
    > Remote address,service is (24.24.150.52,2756)
    > we-24-24-150-52.we.mediaone.net
    > Process name is "N/A"
    > 
    > 
    > Date: 7/10/2001 Time: 14:37:50
    > Rule "gather" blocked (64.223.148.27,27015).  Details:
    > Inbound UDP packet
    > Local address,service is (64.223.148.27,27015)
    > Remote address,service is (203.73.101.81,2077)        SEEDNET
    >      Process name is "N/A"
    > descr:       Digital United Inc.
    > 
    > descr:       9F, No. 125, Song Jiang Road
    > 
    > descr:       Taipei, Taiwan
    > 
    > 
    > 
    > Date: 7/10/2001 Time: 14:37:43
    > Rule "gather" blocked (64.223.148.27,27015).  Details:
    > Inbound UDP packet
    > Local address,service is (64.223.148.27,27015)
    > Remote address,service is (217.81.88.127,2026)        Deutsche Telekom AG,
    > Internet service provider
    > Process name is "N/A"                                                DE
    > 
    > Date: 7/10/2001 Time: 14:37:42
    > Rule "gather" blocked (64.223.148.27,27015).  Details:
    > Inbound UDP packet
    > Local address,service is (64.223.148.27,27015)
    > Remote address,service is (61.221.178.65,2832)            Data Communication
    > Business Group, Chunghwa Telecom Co., Ltd.
    >    Process name is "N/A"
    > descr:       Commerical ISP
    > 
    > descr:       21, Section 1, Hsin-Yi Road, Taipei,
    > 
    > descr:       Taipei 100, Taiwan, R.O.C.
    > 
    > 
    > Date: 7/10/2001 Time: 14:36:59
    > Rule "1025" blocked (64.223.148.27,http).  Details:
    > Inbound TCP connection
    > Local address,service is (64.223.148.27,http)
    > Remote address,service is (216.205.189.219,4692)            Interliant
    > (NET-ILNT-216-205-0)
    >  Process name is "N/A"
    > Two Manhattanville Road
    > 
    > Purchase, NY 10577
    > 
    > US
    > 
    > 
    > 
    > Date: 7/10/2001 Time: 14:36:52
    > Rule "gather" blocked (64.223.148.27,27015).  Details:
    > Inbound UDP packet
    > Local address,service is (64.223.148.27,27015)
    > Remote address,service is (194.229.103.215,2538)          H. Ozcinar
    >  Process name is "N/A"
    > address:      UCC
    > 
    > address:      Postbus 1357
    > 
    > address:      NL-3430 BJ  Nieuwengein
    > 
    > address:      The Netherlands
    > 
    > 
    > 
    > Date: 7/10/2001 Time: 14:36:17
    > Rule "gather" blocked (64.223.148.27,27015).  Details:
    > Inbound UDP packet
    > Local address,service is (64.223.148.27,27015)
    > Remote address,service is (24.250.96.93,22952
    > ci170011-a.athen1.ga.home.com
    > Process name is "N/A"
    > 
    > Date: 7/10/2001 Time: 14:36:17
    > Rule "gather" blocked (64.223.148.27,27015).  Details:
    > Inbound UDP packet
    > Local address,service is (64.223.148.27,27015)
    > Remote address,service is (65.81.53.244,22952)
    > adsl-81-53-244.asm.bellsouth.net
    > Process name is "N/A"
    > 
    > Date: 7/10/2001 Time: 14:36:17
    > Rule "gather" blocked (64.223.148.27,27015).  Details:
    > Inbound UDP packet
    > Local address,service is (64.223.148.27,27015)
    > Remote address,service is (205.244.188.34,22952)            master.kali.net
    > Process name is "N/A"
    > 
    > Date: 7/10/2001 Time: 14:36:05
    > Rule "gather" blocked (64.223.148.27,27015).  Details:
    > Inbound UDP packet
    > Local address,service is (64.223.148.27,27015)
    > Remote address,service is (61.216.80.123,2728)
    > 61-216-80-123.HINET-IP.hinet.net
    > Process name is "N/A"
    > 
    > Date: 7/10/2001 Time: 14:35:25
    > Rule "gather" blocked (64.223.148.27,27015).  Details:
    > Inbound UDP packet
    > Local address,service is (64.223.148.27,27015)
    > Remote address,service is (210.200.95.67,2101)            APOL
    >  Process name is "N/A"
    > descr:       Asia Pacific Online Services Inc
    > 
    > descr:       Internet Service Provider
    > 
    > country:     TW
    > 
    > 
    > 
    > Date: 7/10/2001 Time: 14:35:02
    > Rule "gather" blocked (64.223.148.27,27015).  Details:
    > Inbound UDP packet
    > Local address,service is (64.223.148.27,27015)
    > Remote address,service is (202.129.233.23,1914)
    > tp233023.seeder.net
    > Process name is "N/A"
    > 
    > 
    > 
    > 
    > ----------------------------------------------------------------------------
    > 
    > 
    > This list is provided by the SecurityFocus ARIS analyzer service.
    > For more information on this free incident handling, management 
    > and tracking system please see:
    > 
    > http://aris.securityfocus.com
    
    -- 
    Matt Stockdale
    Sr. NOC Engineer
    Digital Telemedia
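
An added example, not part of the original thread: a small Python parser for the firewall log format quoted above. It counts distinct remote sources per local service and lists source ports shared by more than one sender. The function names are hypothetical, and the sample is a four-entry excerpt of the quoted log.

```python
import re
from collections import defaultdict
# Added example; helper names are hypothetical. Excerpt of the quoted log (Date,
# Rule, Process and whois lines dropped); the third entry lacks ")" as in the post.
SAMPLE = """\
Inbound UDP packet
Local address,service is (64.223.148.27,27015)
Remote address,service is (24.24.150.52,2756)
Inbound TCP connection
Local address,service is (64.223.148.27,http)
Remote address,service is (216.205.189.219,4692)            Interliant
Inbound UDP packet
Local address,service is (64.223.148.27,27015)
Remote address,service is (24.250.96.93,22952
Inbound UDP packet
Local address,service is (64.223.148.27,27015)
Remote address,service is (205.244.188.34,22952)            master.kali.net
"""

PROTO = re.compile(r"^Inbound (UDP|TCP)\b")
LOCAL = re.compile(r"^Local address,service is \(([\d.]+),([\w-]+)\)")
REMOTE = re.compile(r"^Remote address,service is \(([\d.]+),(\d+)\)?")  # ")" optional

def parse(log_text):
    """Yield (proto, local_service, remote_ip, remote_port) per blocked packet."""
    proto = service = None
    for raw in log_text.splitlines():
        line = raw.lstrip("> \t")  # tolerate mail quoting and indentation
        if m := PROTO.match(line):
            proto = m.group(1)
        elif m := LOCAL.match(line):
            service = m.group(2)
        elif (m := REMOTE.match(line)) and proto and service:
            yield proto, service, m.group(1), int(m.group(2))
            proto = service = None

def fan_in(log_text):
    """Map (proto, local_service) -> set of distinct remote IPs."""
    sources = defaultdict(set)
    for proto, service, ip, _port in parse(log_text):
        sources[(proto, service)].add(ip)
    return dict(sources)

def shared_source_ports(log_text):
    """Map remote source port -> IPs, for ports used by more than one IP."""
    by_port = defaultdict(set)
    for _proto, _service, ip, port in parse(log_text):
        by_port[port].add(ip)
    return {p: ips for p, ips in by_port.items() if len(ips) > 1}
```

Many distinct sources hitting one UDP service port, with several of them sending from the same source port, is the pattern to compare against the stale server-listing explanation given in the reply.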
    
    
    



    This archive was generated by hypermail 2b30 : Wed Jul 11 2001 - 17:01:49 PDT