UDP port 500 bombarding ?

- A
- andre
  
  Contact options for registered users
posted
16 years ago

Wed, Jun 27, 2007 10:05 AM

Hello all ! May be I'm stupid, but I have no found answer on the net about that. My firewall iptables log is full of lines like this one :

Drop input:IN=eth0 OUT= MAC=00:40:63:e8:5d:3d:00:17:e0:84:97:ff:08:00 SRC=69.181.11.173 DST=XX.XXX.XXX.XX LEN=812

+TOS=0x00 PREC=0x00 TTL=100 ID=42287 PROTO=UDP *SPT=500 DPT=500* LEN=792

If I do a whois request, I don't understand the result :

Loading thread data ...

- B
- Burkhard Ott
  
  Contact options for registered users
Vote on answer
posted
16 years ago

Wed, Jun 27, 2007 11:37 AM

Am Wed, 27 Jun 2007 11:05:34 +0100 schrieb andre:

Hi,

SRC=69.181.11.173 DST=XX.XXX.XXX.XX LEN=812

Looks like that somebody tries a isakmp (IPSec) connect to your host.

69.180.0.0 - 69.181.255.255

69.181.0.0 - 69.181.255.255

Registrant: Comcast Corporation 1500 Market Street Philadelphia, PA 19102 US

Domain Name: COMCAST.NET

Administrative Contact: Administrator, Domain Registration ContactMiddleName snipped-for-privacy@COMCAST.net Comcast Corporation 1500 Market, West Tower Philadelphia, PA 19102 US 215-320-8774 fax: 215-564-0132

Technical Contact: Technical Contact, Domain Reg ContactMiddleName snipped-for-privacy@comcastonline.com Comcast Corporation 1500 Market St. 9Fl West Philadelphia, PA 19102 US 215-320-8774 fax: 215-564-0132

cheers

- B
- Burkhard Ott
  
  Contact options for registered users
Vote on answer
posted
16 years ago

Wed, Jun 27, 2007 11:38 AM

Am Wed, 27 Jun 2007 11:05:34 +0100 schrieb andre:

Hi,

SRC=69.181.11.173 DST=XX.XXX.XXX.XX LEN=812

seems 2 be a isakmp connect

69.180.0.0 - 69.181.255.255

69.181.0.0 - 69.181.255.255

Registrant: Comcast Corporation 1500 Market Street Philadelphia, PA 19102 US

Domain Name: COMCAST.NET

Administrative Contact: Administrator, Domain Registration ContactMiddleName snipped-for-privacy@COMCAST.net Comcast Corporation 1500 Market, West Tower Philadelphia, PA 19102 US 215-320-8774 fax: 215-564-0132

Technical Contact: Technical Contact, Domain Reg ContactMiddleName snipped-for-privacy@comcastonline.com Comcast Corporation 1500 Market St. 9Fl West Philadelphia, PA 19102 US 215-320-8774 fax: 215-564-0132

cheers

- A
- andre
  
  Contact options for registered users
Vote on answer
posted
16 years ago

Wed, Jun 27, 2007 11:55 AM

SRC=69.181.11.173 DST=XX.XXX.XXX.XX LEN=812

69.180.0.0 - 69.181.255.255

69.181.0.0 - 69.181.255.255

snipped-for-privacy@COMCAST.net

snipped-for-privacy@comcastonline.com

- B
- Burkhard Ott
  
  Contact options for registered users
Vote on answer
posted
16 years ago

Wed, Jun 27, 2007 12:27 PM

Am Wed, 27 Jun 2007 12:55:18 +0100 schrieb andre:

Don't mention it.

69.180.0.0 - 69.181.255.255

69.181.0.0 - 69.181.255.255

The IP is registered for comcast, so asked the whois server for comcast and got the informations.

cheers

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.