[juneau-lug] Re: port 46252

  • From: James Zuelow <e5z8652@xxxxxxxxxx>
  • To: juneau-lug@xxxxxxxxxxxxx
  • Date: Sun, 11 Dec 2011 21:00:16 -0900

On Sunday, December 11, 2011, Jamie wrote:
> For the last 2 or 3 weeks I've been getting periodically hammered from
> some bot-net? trying to get to port 46252.  Can anyone shed any light?
> 
> Sample log:
> 
> [INFO] Sun Dec 11 19:15:15 2011 Sending log email as log is full
> [INFO] Sun Dec 11 19:15:15 2011 Blocked incoming TCP connection request
> from 221.218.175.38:53511 to 24.237.5.24:46252 [INFO] Sun Dec 11 19:15:15
> 2011 Blocked incoming TCP connection request from 96.255.21.209:60731 to
> 24.237.5.24:46252 [INFO] Sun Dec 11 19:15:15 2011 Blocked incoming TCP
> connection request from 24.89.232.155:53668 to 24.237.5.24:46252 [INFO]

The SANS folks don't seem to have a lot of dshield information, so it is 
probably not a bot-net:  http://isc.sans.edu/port.html?port=46252

Does it happen when you change IP addresses?  Sometimes oddball port floods 
are leftovers from a previous user's gaming session.  Many gaming protocols 
build an on-the-fly peer to peer network and look like attacks if the game 
isn't running.

James
------------------------------------
The Juneau Linux Users Group -- http://www.juneau-lug.org
This is the Juneau-LUG mailing list.
To unsubscribe, send an e-mail to juneau-lug-request@xxxxxxxxxxxxx with the 
word unsubscribe in the subject header.

Other related posts:

  1. Home
  2. juneau-lug
  3. Archive
  4. 12-2011