IIRC 27015/udp is used by quake(/2/3?) and half-life game servers, (well, I know I remember correctly, I run a counter-strike (halflife) server. but it might be used for something else too.) it's possible if you have a dynamic IP that the last user of yours was running a server and people(or gamespy) still had that IP listed. Matt On Tue, Jul 10, 2001 at 03:10:38PM -0400, cg wrote: > Hi All, > I've seen increased activity on port 27015. In the last half hour I've > gotten the following probes. I'm just a lowley dsl user, not even pingable > from outside. > Just thought it was strange. Anyone else seeing this? > The following are log entries from 2 minutes time, all unique sources only. > If anyone would like to see the whole log from the last half hour or so let > me know. > I'm going to shut down for a bit, just in case. > Thanks in advance for any ideas > > cg > > Date: 7/10/2001 Time: 14:37:51 > Rule "gather" blocked (64.223.148.27,27015). Details: > Inbound UDP packet > Local address,service is (64.223.148.27,27015) > Remote address,service is (24.24.150.52,2756) > we-24-24-150-52.we.mediaone.net > Process name is "N/A" > > > Date: 7/10/2001 Time: 14:37:50 > Rule "gather" blocked (64.223.148.27,27015). Details: > Inbound UDP packet > Local address,service is (64.223.148.27,27015) > Remote address,service is (203.73.101.81,2077) SEEDNET > Process name is "N/A" > descr: Digital United Inc. > > descr: 9F, No. 125, Song Jiang Road > > descr: Taipei, Taiwan > > > > Date: 7/10/2001 Time: 14:37:43 > Rule "gather" blocked (64.223.148.27,27015). Details: > Inbound UDP packet > Local address,service is (64.223.148.27,27015) > Remote address,service is (217.81.88.127,2026) Deutsche Telekom AG, > Internet service provider > Process name is "N/A" DE > > Date: 7/10/2001 Time: 14:37:42 > Rule "gather" blocked (64.223.148.27,27015). Details: > Inbound UDP packet > Local address,service is (64.223.148.27,27015) > Remote address,service is (61.221.178.65,2832) Data Communication > Business Group, Chunghwa Telecom Co., Ltd. > Process name is "N/A" > descr: Commerical ISP > > descr: 21, Section 1, Hsin-Yi Road, Taipei, > > descr: Taipei 100, Taiwan, R.O.C. > > > Date: 7/10/2001 Time: 14:36:59 > Rule "1025" blocked (64.223.148.27,http). Details: > Inbound TCP connection > Local address,service is (64.223.148.27,http) > Remote address,service is (216.205.189.219,4692) Interliant > (NET-ILNT-216-205-0) > Process name is "N/A" > Two Manhattanville Road > > Purchase, NY 10577 > > US > > > > Date: 7/10/2001 Time: 14:36:52 > Rule "gather" blocked (64.223.148.27,27015). Details: > Inbound UDP packet > Local address,service is (64.223.148.27,27015) > Remote address,service is (194.229.103.215,2538) H. Ozcinar > Process name is "N/A" > address: UCC > > address: Postbus 1357 > > address: NL-3430 BJ Nieuwengein > > address: The Netherlands > > > > Date: 7/10/2001 Time: 14:36:17 > Rule "gather" blocked (64.223.148.27,27015). Details: > Inbound UDP packet > Local address,service is (64.223.148.27,27015) > Remote address,service is (24.250.96.93,22952 > ci170011-a.athen1.ga.home.com > Process name is "N/A" > > Date: 7/10/2001 Time: 14:36:17 > Rule "gather" blocked (64.223.148.27,27015). Details: > Inbound UDP packet > Local address,service is (64.223.148.27,27015) > Remote address,service is (65.81.53.244,22952) > adsl-81-53-244.asm.bellsouth.net > Process name is "N/A" > > Date: 7/10/2001 Time: 14:36:17 > Rule "gather" blocked (64.223.148.27,27015). Details: > Inbound UDP packet > Local address,service is (64.223.148.27,27015) > Remote address,service is (205.244.188.34,22952) master.kali.net > Process name is "N/A" > > Date: 7/10/2001 Time: 14:36:05 > Rule "gather" blocked (64.223.148.27,27015). Details: > Inbound UDP packet > Local address,service is (64.223.148.27,27015) > Remote address,service is (61.216.80.123,2728) > 61-216-80-123.HINET-IP.hinet.net > Process name is "N/A" > > Date: 7/10/2001 Time: 14:35:25 > Rule "gather" blocked (64.223.148.27,27015). Details: > Inbound UDP packet > Local address,service is (64.223.148.27,27015) > Remote address,service is (210.200.95.67,2101) APOL > Process name is "N/A" > descr: Asia Pacific Online Services Inc > > descr: Internet Service Provider > > country: TW > > > > Date: 7/10/2001 Time: 14:35:02 > Rule "gather" blocked (64.223.148.27,27015). Details: > Inbound UDP packet > Local address,service is (64.223.148.27,27015) > Remote address,service is (202.129.233.23,1914) > tp233023.seeder.net > Process name is "N/A" > > > > > ---------------------------------------------------------------------------- > > > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: > > http://aris.securityfocus.com -- Matt Stockdale Sr. NOC Engineer Digital Telemedia ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Jul 11 2001 - 17:01:49 PDT