|
Posted by Anders on October 18, 2005, 5:04 pm
If you were Registered and logged in, you could reply and use other advanced thread options
kmtanner@cyberspace.org wrote:
> Hi people. I get constant & regular port scans from these IP
> addresses:
>
> 61.137.117.208
> 61.233.40.205
> 61.237.29.102
> 61.237.3.70
> 61.235.144.86
>
> Severity: Minor
> Direction: Incoming
> Protocol: UDP
>
> ARIN and RIPE whois servers don't give any information about any
> of these addresses. It kinda bugs me because they're constant
> scans. Probably caused by some application I've installed (like
> automatic update check or...)
>
> Could anyone enlighten me? Thanks in advance.
>
It looks like it is China messenger spam to me, are they using udp on
port 1026,1027 it probable is.
61.137.117.208
61.137.0.0 - 61.137.127.255
netname: CHINANET-HN
country: CN
descr: CHINANET Hunan province network
descr: China Telecom
61.233.40.205
61.233.40.0 - 61.233.40.255
netname: CRHbYqS
country: CN
descr: China Railcom Hebei Yangquan Subbranch
descr: Telecommunication
61.237.29.102
61.232.0.0 - 61.237.255.255
netname: CRTC
country: CN
descr: CHINA RAILWAY TELECOMMUNICATIONS CENTER
admin-c: LQ112-AP
tech-c: LM273-AP
status: ALLOCATED PORTABLE
61.237.3.70
61.232.0.0 - 61.237.255.255
netname: CRTC
country: CN
descr: CHINA RAILWAY TELECOMMUNICATIONS CENTER
admin-c: LQ112-AP
tech-c: LM273-AP
status: ALLOCATED PORTABLE
61.235.144.86
61.232.0.0 - 61.237.255.255
netname: CRTC
country: CN
descr: CHINA RAILWAY TELECOMMUNICATIONS CENTER
admin-c: LQ112-AP
tech-c: LM273-AP
status: ALLOCATED PORTABLE
| 
XML site map