[juneau-lug] Re: port 46252

  • From: larry talley <larryt@xxxxxxx>
  • To: juneau-lug@xxxxxxxxxxxxx
  • Date: Mon, 12 Dec 2011 12:38:18 -0900

Very interesting and educational story, and a good outcome, as
everyone had a learning experience, and now the parental unit has an
opportunity to make a positive intervention....

Larry

On Mon, Dec 12, 2011 at 8:46 AM, Jamie <jamie@xxxxxxxxxxxxxxxxx> wrote:
> I've located the source of the problem.  He was circumventing the
> imposed parental computer restrictions by using a borrowed laptop.  So
> it was probably online gaming as James suggested.
>
> On 12/11/2011 10:19 PM, Jamie wrote:
>> Thanks Kevin, James & Myron
>>
>> My guess had been some sort of P2P sharing.  I had been resetting my IP
>> address by rebooting my router and it seemed to work at first.  Not
>> tonight, it came back as soon as my router had a new address.  But the
>> plot thickens.  I did find an unknown MAC address (00269E2D5F21) on my
>> network.  This would suggest that someone has compromised my wifi.  So I
>> reset all my passwords and beefed up security.  It's quiet at the
>> moment.  I'm using a D-Link DIR-625.
>>
>> Thanks for the suggestions.
>>
>> [INFO] Sun Dec 11 16:33:49 2011 Lease 192.168.0.66 renewed by client 
>> 00269E2D5F21
>> [INFO] Sun Dec 11 16:33:49 2011 Assigned new lease 192.168.0.66 to client 
>> 00269E2D5F21
>> [INFO] Sun Dec 11 16:33:45 2011 Blocked packet from 169.254.175.194 to 
>> 224.0.0.22 that was received from the wrong network interface (IP address 
>> spoofing)
>> [INFO] Sun Dec 11 16:33:38 2011 Previous message repeated 3 times
>> [INFO] Sun Dec 11 16:32:08 2011 Blocked incoming UDP packet from 
>> 209.165.131.12:53 to 69.178.66.244:56298
>> [INFO] Sun Dec 11 16:32:03 2011 Blocked incoming UDP packet from 
>> 209.165.131.13:53 to 69.178.66.244:56298
>> [INFO] Sun Dec 11 16:31:58 2011 Blocked incoming UDP packet from 
>> 209.165.131.12:53 to 69.178.66.244:41451
>> [INFO] Sun Dec 11 16:31:53 2011 Blocked incoming UDP packet from 
>> 209.165.131.13:53 to 69.178.66.244:41451
>>
>>
>>
>> On 12/11/2011 09:35 PM, Myron Davis wrote:
>>> I don't know for sure, but what I would do is open port 46252 and then run
>>> nc -l -p 46252
>>> and see what they request....
>>> But with no other layer 7 full dump information I would guess your IP is
>>> registered with a P2P service somewhere like Skype or BitTorrent.
>>>
>>> Just a guess..
>>>
>>> On Sun, Dec 11, 2011 at 7:20 PM, Jamie <jamie@xxxxxxxxxxxxxxxxx> wrote:
>>>
>>>> For the last 2 or 3 weeks I've been getting periodically hammered from
>>>> some bot-net? trying to get to port 46252.  Can anyone shed any light?
>>>>
>>>> Sample log:
>>>>
>>>> [INFO] Sun Dec 11 19:15:15 2011 Sending log email as log is full
>>>> [INFO] Sun Dec 11 19:15:15 2011 Blocked incoming TCP connection request
>>>> from 221.218.175.38:53511 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:15 2011 Blocked incoming TCP connection request
>>>> from 96.255.21.209:60731 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:15 2011 Blocked incoming TCP connection request
>>>> from 24.89.232.155:53668 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:14 2011 Blocked incoming TCP connection request
>>>> from 98.169.108.3:61715 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:14 2011 Blocked incoming TCP connection request
>>>> from 177.40.149.139:57934 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:14 2011 Blocked incoming TCP connection request
>>>> from 184.56.224.13:54667 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:14 2011 Blocked incoming TCP connection request
>>>> from 68.118.59.27:58623 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:14 2011 Blocked incoming TCP connection request
>>>> from 2.26.70.20:63824 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:14 2011 Blocked incoming UDP packet from
>>>> 145.53.218.238:36047 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:14 2011 Blocked incoming UDP packet from
>>>> 195.139.124.145:64800 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:14 2011 Blocked incoming UDP packet from
>>>> 189.106.1.135:39916 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:14 2011 Blocked incoming TCP connection request
>>>> from 116.64.236.135:45083 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:14 2011 Blocked incoming TCP connection request
>>>> from 67.193.137.61:50558 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:14 2011 Blocked incoming TCP connection request
>>>> from 41.220.32.103:64031 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:14 2011 Blocked incoming TCP connection request
>>>> from 24.16.99.72:55238 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:14 2011 Blocked incoming TCP connection request
>>>> from 96.255.21.209:60731 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:14 2011 Blocked incoming UDP packet from
>>>> 108.20.146.164:46518 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:14 2011 Blocked incoming TCP connection request
>>>> from 182.166.31.124:50256 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:13 2011 Blocked incoming TCP connection request
>>>> from 85.131.129.171:43082 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:13 2011 Blocked incoming TCP connection request
>>>> from 121.223.77.188:53277 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:13 2011 Blocked incoming UDP packet from
>>>> 79.160.154.206:21951 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:13 2011 Blocked incoming TCP connection request
>>>> from 82.23.189.149:56825 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:13 2011 Blocked incoming UDP packet from
>>>> 68.121.33.40:50551 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:13 2011 Blocked incoming TCP connection request
>>>> from 96.255.21.209:60731 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:12 2011 Blocked incoming UDP packet from
>>>> 197.226.238.87:29373 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:12 2011 Blocked incoming UDP packet from
>>>> 76.118.78.168:6374 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:12 2011 Blocked incoming TCP connection request
>>>> from 24.139.22.96:1953 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:12 2011 Blocked incoming TCP connection request
>>>> from 96.229.38.203:50201 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:12 2011 Blocked incoming TCP connection request
>>>> from 68.147.45.19:58614 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:12 2011 Blocked incoming TCP connection request
>>>> from 82.24.105.230:63020 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:12 2011 Blocked incoming TCP connection request
>>>> from 96.255.21.209:60731 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:12 2011 Blocked incoming TCP connection request
>>>> from 76.25.189.239:41781 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:12 2011 Blocked incoming TCP connection request
>>>> from 24.89.232.155:53668 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:11 2011 Blocked incoming UDP packet from
>>>> 195.13.38.201:17370 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:11 2011 Blocked incoming UDP packet from
>>>> 151.45.83.51:24159 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:11 2011 Blocked incoming UDP packet from
>>>> 24.10.245.66:18160 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:11 2011 Blocked incoming TCP connection request
>>>> from 24.16.99.72:55238 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:11 2011 Blocked incoming TCP connection request
>>>> from 67.193.137.61:50558 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:11 2011 Blocked incoming TCP connection request
>>>> from 83.78.160.46:36333 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:10 2011 Blocked incoming TCP connection request
>>>> from 69.181.137.67:51938 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:10 2011 Blocked incoming UDP packet from
>>>> 99.107.96.174:10792 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:10 2011 Blocked incoming TCP connection request
>>>> from 94.214.70.97:59897 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:10 2011 Blocked incoming TCP connection request
>>>> from 76.93.111.3:60048 to 24.237.5.24:46252
>>>> [INFO] Sun Dec 11 19:15:10 2011 Blocked incoming TCP connection request
>>>> from 76.25.189.239:41781 to 24.237.5.24:46252
>>>>
>>>>
>>>>
>>>> --
>>>> Browns Homepage - http://jdb.homelinux.net
>>>> --
>>>> Registered Linux User No: 187845  https://linuxcounter.net/
>>>>
>>>> ------------------------------------
>>>> The Juneau Linux Users Group -- http://www.juneau-lug.org
>>>> This is the Juneau-LUG mailing list.
>>>> To unsubscribe, send an e-mail to juneau-lug-request@xxxxxxxxxxxxx with
>>>> the word unsubscribe in the subject header.
>>>>
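An added example (not from the thread or the router vendor) of triaging a log like the one quoted above: it rejoins the mail-wrapped entries, groups blocked inbound traffic by destination port and distinct source, and lists DHCP leases whose MAC is not on a known-device list. The sample log, its addresses and MACs, and the `known_macs` allowlist are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the router log format quoted in the thread; addresses
# are documentation ranges and the MACs are made up. Some entries are wrapped.
SAMPLE_LOG = """\
[INFO] Sun Dec 11 19:15:15 2011 Blocked incoming TCP connection request
from 198.51.100.7:53511 to 203.0.113.24:46252
[INFO] Sun Dec 11 19:15:14 2011 Blocked incoming UDP packet from
198.51.100.9:36047 to 203.0.113.24:46252
[INFO] Sun Dec 11 19:15:14 2011 Blocked incoming TCP connection request
from 192.0.2.55:60731 to 203.0.113.24:46252
[INFO] Sun Dec 11 19:15:13 2011 Blocked incoming TCP connection request
from 192.0.2.55:60731 to 203.0.113.24:46252
[INFO] Sun Dec 11 16:32:08 2011 Blocked incoming UDP packet from
192.0.2.53:53 to 203.0.113.24:56298
[INFO] Sun Dec 11 16:33:49 2011 Assigned new lease 192.168.0.66 to client 02AABBCCDD01
[INFO] Sun Dec 11 16:30:02 2011 Assigned new lease 192.168.0.10 to client 02AABBCCDD02
"""

BLOCKED = re.compile(r"Blocked incoming (TCP|UDP) .*?from (\S+):(\d+) to \S+:(\d+)")
LEASE = re.compile(r"Assigned new lease (\S+) to client ([0-9A-Fa-f]{12})")

def unwrap(text):
    """Rejoin mail-wrapped entries: every entry starts with a [LEVEL] tag."""
    entries = []
    for line in text.splitlines():
        if line.startswith("[") or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def summarize(text, known_macs, min_sources=3):
    ports = defaultdict(lambda: {"hits": 0, "sources": set(), "protos": set()})
    unknown = {}
    for entry in unwrap(text):
        if m := BLOCKED.search(entry):
            proto, src, _sport, dport = m.groups()
            p = ports[int(dport)]
            p["hits"] += 1
            p["sources"].add(src)
            p["protos"].add(proto)
        elif m := LEASE.search(entry):
            if m.group(2).upper() not in known_macs:
                unknown[m.group(2).upper()] = m.group(1)
    # Many distinct peers converging on one port is the pattern worth chasing.
    hot = {port: p for port, p in ports.items() if len(p["sources"]) >= min_sources}
    return hot, unknown
```

Calling `summarize(SAMPLE_LOG, {"02AABBCCDD02"})` returns the ports hit by at least `min_sources` distinct peers and a map of unrecognised MAC to leased address, which is the pairing that pointed to an unexpected device in the thread.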