Re: port 17027

["S. Jonah Pressman" <jonah () istar ca>]

Ken:

You might be interested that your query is not a new one.  I refer you and other interested parties to a response to a 
similar query from
<groan>
  last century
</groan>

http://www.netsys.com/firewalls/firewalls-9810/0171.html

Best Regards,
Jonah

Ken Fox wrote:

> Has anyone seen heavy activity on port 17027 from boxes inside a firewall -- specifically, a number of users systems 
> keep trying to send tcp packets to ip addresses in the 216.33.0.0 through 216.35.0.0 range with a desitination port 
> of 17027.
>
> That address range is owned by exodus.net , and further the individuals IP addresses are owned by
>
> %rwhois V-1.5:003fff:00 rwhois.exodus.net (by Network Solutions, Inc. V-1.5.3)
>     network:Auth-Area:216.33.0.0/16
>     network:Class-Name:network
>     network:Network-Name:216.33.208.0
>     network:IP-Network:216.33.208.0/20
>     network:Organization;I:DIALTONE INTERNET
>     network:Address-1;I:18331 Pines Blvd
>     network:Address-2;I:Pembroke Pines, FL 33029
>     network:Admin-Contact;I:DNS () DIALTONEINTERNET NET
>     network:Tech-Contact;I:DNS () DIALTONEINTERNET NET
>     network:Created:99-MAY-20
>     network:Updated-By:dave
>
> This company provides Datacenter capabilities. Co-location ...
>
> We have been hypothesizing that this could be some ICQ type app or some malicious bug that someone(s) has/have caught 
> by surfing in the wrong places.
>
> In the cases where we have contacted the owners of the systems sending these packets, they have been clearly clueless 
> about the traffic emanating from thier computers.
>
> HAs anyone else seen this?
>
> Thanks, Ken

--

S. Jonah Pressman
Sr. Mgr. Site Operations
Mediconsult.COM
jpressman () mediconsult com

------------ 'ome is where you hang your @ -----------------