Security Incidents mailing list archives

UDP scans from AOL NS boxes?


From: Mike Mills <mmills () dpwt com>
Date: 3 Apr 2003 17:27:07 -0000



The machines listed below have been running UDP scans against our firewall 
for some time.  The scans really picked up on March 18th, but never got 
more than 20 a day or so.  These scans are apparently on random UDP ports, 
and from randomly selected machines in the list below.  If anyone is 
interested, I have all of the events this year in a spreadsheet.

They are nearly unnoticeable when displayed by date and time, but become 
apparent when sorted by source IP. 

Has anyone else experienced scans like this from these boxes?


I spoke to AOL, and they confirmed my beliefs and said that indeed people 
were bouncing off their servers looking for trojaned UDP ports. 

 1) They are aware of it and we aren't the only ones who contacted them 
about it. 

 2) They know that they can easily stop the behavior, but they won't 
pursue the issue unless we have suffered some kind of loss. 



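
The observation above, that the probes disappear in a time-ordered view but stand out once events are grouped by source IP, can be shown with a short script. This is an added example, not part of the original post; the log format, the addresses (documentation ranges), the ports and the thresholds are all assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed firewall drop log: "timestamp source_ip dest_udp_port".
# Addresses are from documentation ranges, not from the original post.
SAMPLE_LOG = """\
2003-03-18T02:14:09 198.51.100.11 4021
2003-03-18T09:40:51 192.0.2.53 53
2003-03-19T11:02:37 203.0.113.7 137
2003-03-20T17:45:10 198.51.100.11 18753
2003-03-21T08:03:22 192.0.2.53 53
2003-03-23T04:31:55 198.51.100.11 40312
2003-03-24T13:20:00 192.0.2.53 53
2003-03-27T22:58:41 198.51.100.11 52177
"""


def parse(log):
    """Yield (datetime, source_ip, dest_port) for each non-empty log line."""
    for line in log.splitlines():
        if line.strip():
            ts, src, port = line.split()
            yield datetime.fromisoformat(ts), src, int(port)


def slow_scanners(events, min_ports=3, min_days=3):
    """Group events by source IP and return the sources that touched at
    least min_ports distinct UDP ports spread over at least min_days days.
    A per-day rate alarm never fires for such a source (one probe a day),
    but the per-source aggregate over the whole period does."""
    ports, days = defaultdict(set), defaultdict(set)
    for ts, src, port in events:
        ports[src].add(port)
        days[src].add(ts.date())
    return {
        src: {"ports": sorted(ports[src]), "days": len(days[src])}
        for src in ports
        if len(ports[src]) >= min_ports and len(days[src]) >= min_days
    }


if __name__ == "__main__":
    for src, info in slow_scanners(parse(SAMPLE_LOG)).items():
        print(src, info["days"], "days", info["ports"])
```

The repeat visitor on a single port (192.0.2.53) and the one-off probe (203.0.113.7) are not reported; only the source spreading distinct ports across several days is.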
