Security Incidents mailing list archives

27015 probe increase??

From: "cg" <cg.me () verizon net>
Date: Tue, 10 Jul 2001 15:10:38 -0400

Hi All,
I've seen increased activity on port 27015. In the last half hour I've
gotten the following probes. I'm just a lowley dsl user, not even pingable
from outside.
Just thought it was strange. Anyone else seeing this?
The following are log entries from 2 minutes time, all unique sources only.
If anyone would like to see the whole log from the last half hour or so let
me know.
I'm going to shut down for a bit, just in case.
Thanks in advance for any ideas

cg

Date: 7/10/2001 Time: 14:37:51
Rule "gather" blocked (64.223.148.27,27015).  Details:
Inbound UDP packet
Local address,service is (64.223.148.27,27015)
Remote address,service is (24.24.150.52,2756)
we-24-24-150-52.we.mediaone.net
Process name is "N/A"


Date: 7/10/2001 Time: 14:37:50
Rule "gather" blocked (64.223.148.27,27015).  Details:
Inbound UDP packet
Local address,service is (64.223.148.27,27015)
Remote address,service is (203.73.101.81,2077)        SEEDNET
     Process name is "N/A"
descr:       Digital United Inc.

descr:       9F, No. 125, Song Jiang Road

descr:       Taipei, Taiwan



Date: 7/10/2001 Time: 14:37:43
Rule "gather" blocked (64.223.148.27,27015).  Details:
Inbound UDP packet
Local address,service is (64.223.148.27,27015)
Remote address,service is (217.81.88.127,2026)        Deutsche Telekom AG,
Internet service provider
Process name is "N/A"                                                DE

Date: 7/10/2001 Time: 14:37:42
Rule "gather" blocked (64.223.148.27,27015).  Details:
Inbound UDP packet
Local address,service is (64.223.148.27,27015)
Remote address,service is (61.221.178.65,2832)            Data Communication
Business Group, Chunghwa Telecom Co., Ltd.
   Process name is "N/A"
descr:       Commerical ISP

descr:       21, Section 1, Hsin-Yi Road, Taipei,

descr:       Taipei 100, Taiwan, R.O.C.


Date: 7/10/2001 Time: 14:36:59
Rule "1025" blocked (64.223.148.27,http).  Details:
Inbound TCP connection
Local address,service is (64.223.148.27,http)
Remote address,service is (216.205.189.219,4692)            Interliant
(NET-ILNT-216-205-0)
 Process name is "N/A"
Two Manhattanville Road

Purchase, NY 10577

US



Date: 7/10/2001 Time: 14:36:52
Rule "gather" blocked (64.223.148.27,27015).  Details:
Inbound UDP packet
Local address,service is (64.223.148.27,27015)
Remote address,service is (194.229.103.215,2538)          H. Ozcinar
 Process name is "N/A"
address:      UCC

address:      Postbus 1357

address:      NL-3430 BJ  Nieuwengein

address:      The Netherlands



Date: 7/10/2001 Time: 14:36:17
Rule "gather" blocked (64.223.148.27,27015).  Details:
Inbound UDP packet
Local address,service is (64.223.148.27,27015)
Remote address,service is (24.250.96.93,22952
ci170011-a.athen1.ga.home.com
Process name is "N/A"

Date: 7/10/2001 Time: 14:36:17
Rule "gather" blocked (64.223.148.27,27015).  Details:
Inbound UDP packet
Local address,service is (64.223.148.27,27015)
Remote address,service is (65.81.53.244,22952)
adsl-81-53-244.asm.bellsouth.net
Process name is "N/A"

Date: 7/10/2001 Time: 14:36:17
Rule "gather" blocked (64.223.148.27,27015).  Details:
Inbound UDP packet
Local address,service is (64.223.148.27,27015)
Remote address,service is (205.244.188.34,22952)            master.kali.net
Process name is "N/A"

Date: 7/10/2001 Time: 14:36:05
Rule "gather" blocked (64.223.148.27,27015).  Details:
Inbound UDP packet
Local address,service is (64.223.148.27,27015)
Remote address,service is (61.216.80.123,2728)
61-216-80-123.HINET-IP.hinet.net
Process name is "N/A"

Date: 7/10/2001 Time: 14:35:25
Rule "gather" blocked (64.223.148.27,27015).  Details:
Inbound UDP packet
Local address,service is (64.223.148.27,27015)
Remote address,service is (210.200.95.67,2101)            APOL
 Process name is "N/A"
descr:       Asia Pacific Online Services Inc

descr:       Internet Service Provider

country:     TW



Date: 7/10/2001 Time: 14:35:02
Rule "gather" blocked (64.223.148.27,27015).  Details:
Inbound UDP packet
Local address,service is (64.223.148.27,27015)
Remote address,service is (202.129.233.23,1914)
tp233023.seeder.net
Process name is "N/A"




----------------------------------------------------------------------------


This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see:

http://aris.securityfocus.com

Current thread:

Unicode Logs with Ping Activity myrddin_e (Jul 10)
- Re: Unicode Logs with Ping Activity Jordan K Wiens (Jul 10)
  - 27015 probe increase?? cg (Jul 11)
    - Re: 27015 probe increase?? bhc2 (Jul 11)
    - Re: 27015 probe increase?? mstockda (Jul 11)
  - Re: Unicode Logs with Ping Activity Blake Frantz (Jul 11)
- Re: Unicode Logs with Ping Activity Vitaly Osipov (Jul 11)
- <Possible follow-ups>
- Re: Unicode Logs with Ping Activity myrddin_e (Jul 11)
  - Re: Unicode Logs with Ping Activity Vitaly Osipov (Jul 13)