Security Basics mailing list archives

Massive port probs on 3123


From: "Dominick.S" <dsardina () si rr com>
Date: Thu, 12 Jun 2003 19:03:59 -0400

Hey List:

Need ya help please....

I'm being attacked on port 3123 as you can see on my "Incoming" router log.


So I pick out one of the IPs and email the hostmaster about the attack,
and this is his reply below.

Hello,
   These 'attacks' are you running KaZaA. This IP is your KaZaA supernode.
Please learn how to use and understand your firewall.

-nm
----------------------------------------------

I DON'T RUN KAZAA!!!
WHY IS HE SAYING THIS CRAP!
My network is very very small, and it's virus free and bot/trojan free.
Firewall/Router, and desktops have Firewalls. Kazaa is nowhere
installed!! AND... that isn't the right port for a supernode anyway!!!
----------------------------------------------

This is the letter I sent him..before his shitty reply.

Dominick.S wrote:

To whom it may concern:

Please have someone stop this machine from attacking my IP Address on 
port 3123. The attacking IP Address and Mask is below:
---------------------------------------------------------------------

Attacker IP Address: 66.135.130.125

Attacker HostName:  ip125.citycenter.sfo.interquest.net

---------------------------------------------------------------------
Jun 12, 2003 20:37:26.359 UTC  -  (UDP) 66.135.130.125 : 2650  >>> my.ip.address : 3123
Jun 12, 2003 20:33:04.328 UTC  -  (UDP) 66.135.130.125 : 2650  >>> my.ip.address : 3123
Jun 12, 2003 20:30:30.234 UTC  -  (UDP) 66.135.130.125 : 2650  >>> my.ip.address : 3123
Jun 12, 2003 20:25:44.375 UTC  -  (UDP) 66.135.130.125 : 2650  >>> my.ip.address : 3123
Jun 12, 2003 20:25:43.218 UTC  -  (UDP) 66.135.130.125 : 2650  >>> my.ip.address : 3123
Jun 12, 2003 20:20:11.250 UTC  -  (UDP) 66.135.130.125 : 2650  >>> my.ip.address : 3123
Jun 12, 2003 20:10:45.375 UTC  -  (UDP) 66.135.130.125 : 2650  >>> my.ip.address : 3123
Jun 12, 2003 20:07:11.265 UTC  -  (UDP) 66.135.130.125 : 2650  >>> my.ip.address : 3123
Jun 12, 2003 20:04:48.343 UTC  -  (UDP) 66.135.130.125 : 2650  >>> my.ip.address : 3123
Jun 12, 2003 19:59:57.343 UTC  -  (UDP) 66.135.130.125 : 2650  >>> my.ip.address : 3123
Jun 12, 2003 19:54:49.359 UTC  -  (UDP) 66.135.130.125 : 2650  >>> my.ip.address : 3123
Jun 12, 2003 19:52:50.296 UTC  -  (UDP) 66.135.130.125 : 2650  >>> my.ip.address : 3123
Jun 12, 2003 19:47:16.375 UTC  -  (UDP) 66.135.130.125 : 2650  >>> my.ip.address : 3123

Please have someone take a look at this offending machine.


Thanks Again,
Dominick S.


I'm getting very angry over here, what should I do?
The port is blocked @ the firewall. What else should I do??

Thanks for the help in Advance!!


