[nsp-sec] Constant scanning from the same /24 in AS4837

Daniel Adinolfi dra1 at postoffice9.mail.cornell.edu
Tue Sep 30 08:23:18 EDT 2008 

Folks,

For the last month, we've been seeing udp scans of our networks on  
ports 1026 and 1027 from various hosts in the 202.97.238/24 network.   
A sample from last night:

202.97.238.195 (not registered) : ports : 1026/udp 1027/udp
202.97.238.197 (not registered) : ports : 1026/udp 1027/udp
202.97.238.199 (not registered) : ports : 1026/udp 1027/udp
202.97.238.201 (not registered) : ports : 1026/udp 1027/udp
202.97.238.206 (not registered) : ports : 1026/udp 1027/udp
202.97.238.207 (not registered) : ports : 1026/udp 1027/udp
202.97.238.210 (not registered) : ports : 1026/udp 1027/udp
202.97.238.211 (not registered) : ports : 1026/udp 1027/udp
202.97.238.226 (not registered) : ports : 1026/udp 1027/udp
202.97.238.230 (not registered) : ports : 1026/udp 1027/udp
202.97.238.231 (not registered) : ports : 1026/udp 1027/udp
202.97.238.233 (not registered) : ports : 1026/udp 1027/udp
202.97.238.235 (not registered) : ports : 1026/udp 1027/udp

[ Informations about 202.97.238.233 ]

  IP range     :    202.97.238.0 - 202.97.238.255
  Network name :    HLJ-EDU-COMMITTEE
  Infos        :    Hei Long Jiang province education committee
  Country      :    China (CN)
  Abuse E-mail :    gaobh at mail.hl.cn
  Source       :    APNIC


AS      | IP               | AS Name
4837    | 202.97.238.233   | CHINA169-BACKBONE CNCGROUP China169  
Backbone
[namshub:~] dra1% asn-upstream 202.97.238.233
PEER_AS | IP               | AS Name
174     | 202.97.238.233   | COGENT Cogent/PSI
701     | 202.97.238.233   | UUNET - MCI Communications Services, Inc.  
d/b/a Verizon Business
1239    | 202.97.238.233   | SPRINTLINK - Sprint
2516    | 202.97.238.233   | KDDI KDDI CORPORATION
3257    | 202.97.238.233   | TISCALI-BACKBONE Tiscali Intl Network BV
3320    | 202.97.238.233   | DTAG Deutsche Telekom AG
3491    | 202.97.238.233   | BTN-ASN - Beyond The Network America, Inc.
4134    | 202.97.238.233   | CHINANET-BACKBONE No.31,Jin-rong Street
6453    | 202.97.238.233   | GLOBEINTERNET TATA Communications
7018    | 202.97.238.233   | ATT-INTERNET4 - AT&T WorldNet Services
7473    | 202.97.238.233   | SINGTEL-AS-AP Singapore Telecom


It's not particularly bothersome, but after a month, maybe they want  
to quit it?  Does anyone have a contact there who can bop them on the  
head?

Thanks.

-Dan


_________________
Daniel Adinolfi, CISSP
Senior Security Engineer, IT Security Office
Cornell University - Office of Information Technologies
email: dra1 at cornell.edu   phone: 607-255-7657

More information about the nsp-security mailing list