Michael Thompson wrote:
> This IP 212.56.68.108 has been attempting to contact Port 161 UDP for
> Months.

Are you running SNMP on your box? Port 161 is SNMP, if you have it open to the outside world, could it be collecting data - hence often connections?

>
> No when I try and run a NMAP scan against the box, I get my own logs filled
> with the NMAP Scan. It is like 212.56.68.108 is mirroring to my IP Space.
> And I don't Understand why!
>
> The connecting IP is in my ISP range, however it has no rDNS which the ISP
> would do according to their technical support. It maps back to
> hugeglobal.net

Contact your ISP's support department - see if they can help at all?

>
> I'm not entirely sure it is a customer's machine, even though it is within
> the ISP IP range. Its rDNS shows it is
>
> hugeglobal.net.
>
> The odd thing to me, is if one does a lookup on hugeglobal.net one gets
>
> 82.103.128.2 and the rDNS of that is
>
> e82-103-128-2s.easyspeedy.com
>

Possible the original hugeglobal.net machine has since changed ISPs but the old IP has been re-assigned without the rDNS entry being changed?

> Not one of the local ISP I am using.
>
> Telnetting to the IP gives this:
>
> Telnet 212.56.68.108 connects giving...
>
> _ _ _
> ___ | |_ _ __ _ __ ___ __ _ _ ()_ __ ___ __| |
> / _ \| __| '_ \ | '__/ _ \/ _` | | | | | '__/ _ \/ _` |
> | (_) | |_| |_) | | | | __/ (_| | |_| | | | | __/ (_| |
> \___/ \__| .__/ |_| \___|\__, |\__,_|_|_| \___|\__,_|
> |_| |_|
> If you do not have a CMN registered OTP device you
> will not be able to login.
>
> OTP USERS: THIS CONNECTION IS NOT ENCRYPTED, BE SMART
>
> larabee login:
>
>
> Anyone got any ideas?
>
>

You could just try blackholing the IP at your firewall, or as I've already mentioned - try and contact your ISP with all you know and see if they can shed any light on it - it's possibly a compromised box.

--
Tim Igoe
[EMAIL PROTECTED]
http://tim.igoe.me.uk - Personal Site
http://tv.igoe.me.uk - UK TV Guide
"Computers are like Air-con, open windows and they stop working!"

