[nsp-sec] Odd "attack" traffic

[jose nazario]

On Dec 28, 2010, at 6:52 PM, Kevin Oberman wrote:

> For some time I have been seeing I have been continual packets  
> destined
> for an unused port, 17368/udp. I've looked around for some idea of  
> what
> the reason might be for this, ut all I can find is a passing reference
> to apache v2.

no idea, either. here is the ATLAS Service Report for UDP/17368 over  
the past 24 hours. note we have no vulns or apps mapped to it, and  
have no classified exploit traffic there, either.  -- jose

Service Background
Description, ""
Vendors, ""

Vulnerabilities
CVE ID, Age (Days), Description


Attacks
Description, Attacks per subnet, Percent Change, Latest CVE, Percent  
Total
Other, 0.00, 0, , 0.0



Country, Country Name, Attacks per subnet, Percent Total
Other, N/A, 0.00, 0.0%

ASN, ASN Name, Attacks per subnet, Percent Total
Other, N/A, 0.00, 0.0%

Host, Host Name, Attacks per subnet, Percent Total
Other, N/A, 0.00, 0.0%

Scans

Country, Country Name, Bytes per subnet, Percent Total
CN, "China", 223.109497, 98.1%
TR, "Turkey", 2.955307, 1.3%
IL, "Israel", 1.473184, 0.6%
Other, N/A, 0, 0.0%

ASN, ASN Name, Bytes per subnet, Percent Total
4134, "AS4134 (CHINANET-BACKBONE)", 138.341899, 60.8%
4812, "AS4812 (CHINANET-SH-AP)", 84.288268, 37.0%
8386, "AS8386 (KOCNET)", 2.955307, 1.3%
8551, "AS8551 (BEZEQ-INTERNATIONAL-AS)", 1.473184, 0.6%
4847, "AS4847 (CNIX-AP)", 0.47933, 0.2%
Other, N/A, 0, 0.0%

Host, Host Name, Bytes per subnet, Percent Total
119.86.133.7, "119.86.133.7", 83.587709, 36.7%
116.236.144.37, "116.236.144.37", 81.486034, 35.8%
110.84.30.36, "110.84.30.36", 52.615642, 23.1%
195.87.57.99, "195.87.57.99", 2.955307, 1.3%
124.79.222.49, "124.79.222.49", 2.802235, 1.2%
124.114.130.122, "124.114.130.122", 1.659218, 0.7%
62.219.133.36, "62.219.133.36", 1.473184, 0.6%
182.151.209.130, "182.151.209.130", 0.47933, 0.2%
124.126.177.100, "124.126.177.100", 0.47933, 0.2%
Other, N/A, 0, 0.0%