[nsp-sec] Odd "attack" traffic

David Freedman david.freedman at uk.clara.net
Tue Dec 28 19:09:51 EST 2010


Nothing for me either, I'm not seeing any of this traffic, would love to
see one of the captured packets from sources/destinations you have seen an
increase to...


On 29/12/2010 00:07, "jose nazario" <jose at arbor.net> wrote:

> ----------- nsp-security Confidential --------
> 
> On Dec 28, 2010, at 6:52 PM, Kevin Oberman wrote:
> 
>> For some time I have been seeing continual packets destined
>> for an unused port, 17368/udp. I've looked around for some idea of what
>> the reason might be for this, but all I can find is a passing reference
>> to apache v2.
> 
> no idea, either. here is the ATLAS Service Report for UDP/17368 over
> the past 24 hours. note we have no vulns or apps mapped to it, and
> have no classified exploit traffic there, either.  -- jose
> 
> Service Background
> Description, ""
> Vendors, ""
> 
> Vulnerabilities
> CVE ID, Age (Days), Description
> 
> 
> Attacks
> Description, Attacks per subnet, Percent Change, Latest CVE, Percent Total
> Other, 0.00, 0, , 0.0
> 
> 
> 
> Country, Country Name, Attacks per subnet, Percent Total
> Other, N/A, 0.00, 0.0%
> 
> ASN, ASN Name, Attacks per subnet, Percent Total
> Other, N/A, 0.00, 0.0%
> 
> Host, Host Name, Attacks per subnet, Percent Total
> Other, N/A, 0.00, 0.0%
> 
> Scans
> 
> Country, Country Name, Bytes per subnet, Percent Total
> CN, "China", 223.109497, 98.1%
> TR, "Turkey", 2.955307, 1.3%
> IL, "Israel", 1.473184, 0.6%
> Other, N/A, 0, 0.0%
> 
> ASN, ASN Name, Bytes per subnet, Percent Total
> 4134, "AS4134 (CHINANET-BACKBONE)", 138.341899, 60.8%
> 4812, "AS4812 (CHINANET-SH-AP)", 84.288268, 37.0%
> 8386, "AS8386 (KOCNET)", 2.955307, 1.3%
> 8551, "AS8551 (BEZEQ-INTERNATIONAL-AS)", 1.473184, 0.6%
> 4847, "AS4847 (CNIX-AP)", 0.47933, 0.2%
> Other, N/A, 0, 0.0%
> 
> Host, Host Name, Bytes per subnet, Percent Total
> 119.86.133.7, "119.86.133.7", 83.587709, 36.7%
> 116.236.144.37, "116.236.144.37", 81.486034, 35.8%
> 110.84.30.36, "110.84.30.36", 52.615642, 23.1%
> 195.87.57.99, "195.87.57.99", 2.955307, 1.3%
> 124.79.222.49, "124.79.222.49", 2.802235, 1.2%
> 124.114.130.122, "124.114.130.122", 1.659218, 0.7%
> 62.219.133.36, "62.219.133.36", 1.473184, 0.6%
> 182.151.209.130, "182.151.209.130", 0.47933, 0.2%
> 124.126.177.100, "124.126.177.100", 0.47933, 0.2%
> Other, N/A, 0, 0.0%
> 
> 
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________

--

David Freedman
Group Network Engineering

david.freedman at uk.clara.net
Tel +44 (0) 20 7685 8000

Claranet Group
21 Southampton Row
London - WC1B 5HA - UK
http://www.claranet.com

Company Registration: 3152737 - Place of registration: England

All the information contained within this electronic message from Claranet
Ltd is covered by the disclaimer at http://www.claranet.co.uk/disclaimer




