Security Incidents mailing list archives
Re: 27015 probe increase??
From: bhc2 () cornell edu
Date: Wed, 11 Jul 2001 17:09:17 -0400 (EDT)
On Tue, 10 Jul 2001, cg wrote:
I've seen increased activity on port 27015. In the last half hour I've gotten the following probes. I'm just a lowley dsl user, not even pingable from outside. Rule "gather" blocked (xx.xxx.xxx.xx,27015). Details:
Port 27015 is the port used for the game "Half-Life," a First Person Shooter. I doubt you have much to worry about, from the fact that this was a two minute log and judging by the number of hits I would havt to guess that your IP (possibly it is assigned using DHCP?) was listed either online at a webpage or one one of the half life servers as hosting a game. Thus users would insruct their machines to connect to yours, in order to play. The IPs I regonize from the states all appear to be of Cable/DSL origin:
Remote address,service is (24.24.150.52,2756) we-24-24-150-52.we.mediaone.net Remote address,service is (24.250.96.93,22952 ci170011-a.athen1.ga.home.com Remote address,service is (65.81.53.244,22952) adsl-81-53-244.asm.bellsouth.net
The gaming community is well known as early adopter of Broadband in the pursuit of lower PING times to the server. If in fact your IP is assigned dynamically (DHCP, etc.) then this sounds very familiar to the port 6346 DOS reported last week; 6346 is actually the port used for the GNutella network; where a user with this IP previously had started and "announced"/broadcast services which you do not support. I hope this calms your fears slightly. It is always good to be diligent about security. -B ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Unicode Logs with Ping Activity myrddin_e (Jul 10)
- Re: Unicode Logs with Ping Activity Jordan K Wiens (Jul 10)
- 27015 probe increase?? cg (Jul 11)
- Re: 27015 probe increase?? bhc2 (Jul 11)
- Re: 27015 probe increase?? mstockda (Jul 11)
- Re: Unicode Logs with Ping Activity Blake Frantz (Jul 11)
- 27015 probe increase?? cg (Jul 11)
- Re: Unicode Logs with Ping Activity Vitaly Osipov (Jul 11)
- <Possible follow-ups>
- Re: Unicode Logs with Ping Activity myrddin_e (Jul 11)
- Re: Unicode Logs with Ping Activity Vitaly Osipov (Jul 13)
- Re: Unicode Logs with Ping Activity Jordan K Wiens (Jul 10)