Full Disclosure mailing list archives

Re: Anyone else experiencing blasts o' port 6129 TCP?


From: KF <dotslash () snosoft com>
Date: Sat, 03 Jan 2004 20:24:52 -0500

Here's the few I noticed...


-KF


Jim Race wrote:
Rob Schrack wrote:

Oh yeah... just after Christmas, 6129 accounted for maybe 25% of the packets we submitted to dshield. In the past 5 days, they've accounted for nearly 1/2 of two million plus packets.

I've been wonderin' if anyone else had been seeing it....


Yup. As an example of what I mean by "blast", I get short periods of (likely spoofed) 6129 traffic followed by lots of normal stuff with an occasional single hit here and there. A "blast" from yesterday:


-jim
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
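
One way to separate the "blasts" described in this thread from the occasional single hit in a packet log, as an added example that is not part of the original posts. It assumes one record per line in the form `date time source-IP destination-port protocol`; the gap and size thresholds and the sample records are illustrative assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample (documentation addresses): date time src-IP dst-port proto.
SAMPLE = """\
2004-01-02 09:12:40 198.51.100.7 6129 6
2004-01-02 15:25:06 192.0.2.10 6129 6
2004-01-02 15:25:07 192.0.2.44 6129 6
2004-01-02 15:26:22 198.51.100.23 6129 6
2004-01-02 15:27:15 203.0.113.5 6129 6
2004-01-02 15:27:16 203.0.113.99 6129 6
2004-01-02 15:28:57 192.0.2.10 6129 6
2004-01-02 15:29:03 198.51.100.80 445 6
2004-01-02 21:40:11 203.0.113.61 6129 6
not a record
"""

def parse(text, port):
    """Return sorted (timestamp, source) pairs for one port; skip malformed lines."""
    hits = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or f[3] != str(port):
            continue
        try:
            ts = datetime.strptime(f[0] + " " + f[1], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue
        hits.append((ts, f[2]))
    return sorted(hits)

def find_blasts(hits, max_gap=timedelta(minutes=3), min_hits=5, min_sources=4):
    """Group hits at most max_gap apart; return (blasts, isolated_hit_count)."""
    groups = []
    for ts, src in hits:
        if groups and ts - groups[-1][-1][0] <= max_gap:
            groups[-1].append((ts, src))
        else:
            groups.append([(ts, src)])
    blasts, isolated = [], 0
    for g in groups:
        sources = {src for _, src in g}
        # Thresholds are assumptions: many hits from many sources in one window.
        if len(g) >= min_hits and len(sources) >= min_sources:
            blasts.append({"start": g[0][0], "end": g[-1][0],
                           "hits": len(g), "sources": len(sources)})
        else:
            isolated += len(g)
    return blasts, isolated
```

Because the sources may be spoofed, as the thread notes, the distinct-source count describes the shape of a burst rather than the number of real hosts behind it.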

