| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: dotslash at snosoft.com (KF) Subject: Anyone else exoeriencing blasts o' port 6129 TCP? heres the few I noticed... /var/log/messages.0:Dec 21 08:57:13 SRC=65.86.203.131 /var/log/messages.0:Dec 21 08:57:16 SRC=65.86.203.131 /var/log/messages.0:Dec 21 12:10:02 SRC=64.2.78.115 /var/log/messages.0:Dec 21 12:10:05 SRC=64.2.78.115 /var/log/messages.0:Dec 21 19:55:21 SRC=213.85.35.74 /var/log/messages.0:Dec 21 21:21:58 SRC=128.184.132.14 /var/log/messages.0:Dec 21 21:22:01 SRC=128.184.132.14 /var/log/messages.0:Dec 22 16:07:43 SRC=194.20.0.236 /var/log/messages.0:Dec 22 16:07:46 SRC=194.20.0.236 /var/log/messages.0:Dec 22 17:04:07 SRC=80.177.237.99 /var/log/messages.0:Dec 22 17:04:10 SRC=80.177.237.99 /var/log/messages.0:Dec 22 17:30:22 SRC=134.36.192.89 /var/log/messages.0:Dec 24 10:38:04 SRC=64.51.206.152 /var/log/messages.0:Dec 24 10:38:07 SRC=64.51.206.152 /var/log/messages.0:Dec 25 13:15:32 SRC=141.157.18.133 /var/log/messages.0:Dec 26 14:13:39 SRC=172.183.77.179 /var/log/messages.0:Dec 26 14:13:41 SRC=172.183.77.179 /var/log/messages.0:Dec 27 04:55:17 SRC=213.254.232.66 /var/log/messages.0:Dec 27 04:55:20 SRC=213.254.232.66 /var/log/messages.0:Dec 27 05:22:29 SRC=208.48.149.246 /var/log/messages.0:Dec 27 05:22:32 SRC=208.48.149.246 /var/log/messages.1:Dec 20 21:11:15 SRC=199.88.71.6 /var/log/messages.1:Dec 20 21:11:18 SRC=199.88.71.6 /var/log/messages:Dec 28 11:09:03 SRC=210.22.178.83 /var/log/messages:Dec 28 11:09:06 SRC=210.22.178.83 /var/log/messages:Dec 28 17:08:04 SRC=200.252.36.40 /var/log/messages:Dec 28 17:08:07 SRC=200.252.36.40 /var/log/messages:Dec 28 19:31:41 SRC=195.241.11.241 /var/log/messages:Dec 28 19:31:44 SRC=195.241.11.241 /var/log/messages:Dec 29 04:43:14 SRC=130.91.32.32 /var/log/messages:Dec 29 04:46:23 SRC=63.237.197.12 /var/log/messages:Dec 29 17:51:37 SRC=67.83.147.129 /var/log/messages:Dec 30 10:57:53 SRC=217.194.66.147 /var/log/messages:Dec 30 10:57:56 SRC=217.194.66.147 /var/log/messages:Dec 30 20:00:38 SRC=168.70.226.130 /var/log/messages:Dec 31 17:29:08 SRC=62.48.148.71 /var/log/messages:Dec 31 17:29:11 SRC=62.48.148.71 /var/log/messages:Jan 1 02:28:14 SRC=66.142.227.37 /var/log/messages:Jan 1 02:28:17 SRC=66.142.227.37 /var/log/messages:Jan 1 21:22:17 SRC=83.26.10.121 /var/log/messages:Jan 1 21:22:20 SRC=83.26.10.121 /var/log/messages:Jan 1 21:33:49 SRC=207.136.170.104 /var/log/messages:Jan 1 21:33:52 SRC=207.136.170.104 /var/log/messages:Jan 2 11:30:30 SRC=195.67.100.245 /var/log/messages:Jan 2 11:30:33 SRC=195.67.100.245 /var/log/messages:Jan 2 22:14:58 SRC=167.21.229.152 /var/log/messages:Jan 3 08:49:49 SRC=216.61.103.112 /var/log/messages:Jan 3 08:49:52 SRC=216.61.103.112 -KF Jim Race wrote: > Rob Schrack wrote: > >> Oh yeah... just after Christmas, 6129 accounted for maybe 25% of the >> packets >> we submitted to dshield. In the past 5 days, they've accounted for >> nearly >> 1/2 of two million plus packets. >> >> I've been wonderin' if anyone else had been seeing it.... > > > Yup. As an example of what I mean by "blast", I get short periods of > (likely spoofed) 6129 traffic followed by lots of normal stuff with an > occasional single hit here and there. A "blast" from yesterday: > > 2004-01-02 15:25:06 24.200.77.210 6129 6 > 2004-01-02 15:25:06 80.081.125.254 6129 6 > 2004-01-02 15:25:07 24.3.127.085 6129 6 > 2004-01-02 15:26:22 69.144.204.162 6129 6 > 2004-01-02 15:27:15 80.239.41.48 6129 6 > 2004-01-02 15:27:16 24.70.213.11 6129 6 > 2004-01-02 15:28:57 24.127.169.144 6129 6 > 2004-01-02 15:28:59 80.33.96.251 6129 6 > 2004-01-02 15:29:22 24.64.125.101 6129 6 > 2004-01-02 15:29:27 24.55.117.113 6129 6 > 2004-01-02 15:30:15 24.94.189.230 6129 6 > 2004-01-02 15:30:15 24.42.53.119 6129 6 > 2004-01-02 15:30:16 24.203.140.153 6129 6 > 2004-01-02 15:30:42 24.193.166.42 6129 6 > 2004-01-02 15:32:49 80.14.114.164 6129 6 > 2004-01-02 15:32:51 69.139.158.165 6129 6 > 2004-01-02 15:34:15 24.130.211.34 6129 6 > 2004-01-02 15:34:34 68.65.36.214 6129 6 > 2004-01-02 15:34:35 24.84.152.132 6129 6 > 2004-01-02 15:36:18 24.202.114.152 6129 6 > 2004-01-02 15:38:03 192.216.83.87 6129 6 > 2004-01-02 15:40:06 218.108.254.61 6129 6 > 2004-01-02 15:40:07 24.200.160.215 6129 6 > 2004-01-02 15:40:09 24.48.151.18 6129 6 > 2004-01-02 15:40:09 66.188.46.208 6129 6 > 2004-01-02 15:41:54 68.144.128.218 6129 6 > 2004-01-02 15:43:10 24.87.130.66 6129 6 > 2004-01-02 15:43:32 24.6.159.140 6129 6 > 2004-01-02 15:43:37 210.193.26.195 6129 6 > 2004-01-02 15:44:17 24.88.134.190 6129 6 > 2004-01-02 15:46:42 24.193.93.205 6129 6 > 2004-01-02 15:47:36 24.151.138.70 6129 6 > 2004-01-02 15:48:35 24.83.173.125 6129 6 > 2004-01-02 15:49:12 80.204.82.76 6129 6 > 2004-01-02 15:49:58 24.157.4.185 6129 6 > 2004-01-02 15:49:59 66.65.92.034 6129 6 > 2004-01-02 15:51:07 24.131.248.232 6129 6 > 2004-01-02 15:51:24 24.57.8.178 3 6129 6 > 2004-01-02 15:51:52 24.169.56.121 6129 6 > 2004-01-02 15:51:57 24.98.11.85 6129 6 > 2004-01-02 15:52:40 24.47.246.123 6129 6 > 2004-01-02 15:53:16 66.214.21.149 6129 6 > 2004-01-02 15:54:17 64.94.199.9 6129 6 > 2004-01-02 15:54:49 24.46.13.66 6129 6 > 2004-01-02 15:55:35 69.139.147.196 6129 6 > 2004-01-02 15:55:39 24.167.183.9 6129 6 > 2004-01-02 15:55:55 24.5.172.219 6129 6 > 2004-01-02 15:56:35 24.87.81.53 6129 6 > 2004-01-02 15:56:39 24.192.213.215 6129 6 > 2004-01-02 15:58:10 80.19.53.202 6129 6 > > -jim > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html >
Powered by blists - more mailing lists