Welcome Guest [Log In] [Register]
Welcome!

You're currently viewing our forum as a guest. This means you are limited to certain areas of the board and there are some features you can't use. If you join our community, you'll be able to access member-only sections, and use many member-only features such as customizing your profile, sending personal messages, and voting in polls. Registration is simple, fast, and completely free.

Join our community!

Username:   Password:
Add Reply
Getting hammered.
Topic Started: Jul 20 2008, 12:41 PM (350 Views)
JFK
Member Avatar

First an attempt to ssh via port 22 then an ms sql at port 1434 and since then the repeated attempts on port 50615.... With the origin in Ashburn, Va. :-/

Is this happening to anyone else ?
Offline Profile Quote Post Goto Top
 
Andoo Inc.
Member Avatar
Sir finds a lot
I'm smart, but right now I feel dumb/confused
Offline Profile Quote Post Goto Top
 
JFK
Member Avatar

Andoo Inc.
Jul 20 2008, 01:14 PM
I'm smart, but right now I feel dumb/confused
Sorry. :$

It looks like someone is bringing a "bot army" online and thinks my computer is one of the "soldiers" in that army.

There are over 6000 unique IP's thus far in that "army".

I have all my ports stealthed so my computer is not responding to those requests, however I am logging the attempts.

I wonder who the intended "victim" is. :-/
Offline Profile Quote Post Goto Top
 
Sureshot
Member Avatar
Your glorious Loose Change Forum dictator...
Your computer might be a soldier in the bot army. All it takes is a backdoor trojan. ;) The only way to totally neutralize it is a fresh install, and guaranteed it won't remain.
Offline Profile Quote Post Goto Top
 
JFK
Member Avatar

Sureshot
Jul 20 2008, 02:53 PM
Your computer might be a soldier in the bot army. All it takes is a backdoor trojan. ;) The only way to totally neutralize it is a fresh install, and guaranteed it won't remain.
No, nothing unusual outgoing, and all incoming ports are stealthed here.

over 8000 unique incoming requests which have been ignored and logged thus far.
Offline Profile Quote Post Goto Top
 
JFK
Member Avatar

Neat... the lease on my IP ran out, I was assigned a new one and immediately was port scanned from 50276 - 50609..... By AKAMAI. ( 64.86.106.78 )

Everyone here knows whose company that is, correct ?
Offline Profile Quote Post Goto Top
 
alexvegas
Member Avatar
alex25smash
Thought this was about getting pissed. Which is English for getting drunk... also known as getting hammered.
Offline Profile Quote Post Goto Top
 
JFK
Member Avatar

alexvegas
Jul 20 2008, 06:25 PM
Thought this was about getting pissed. Which is English for getting drunk... also known as getting hammered.
:D Yes, I know what getting pissed means. ;)

About AKAMAI....

http://www.akamai.com/html/about/management_dl.html

Posted Image

Posted Image

Seriously, you can't make this shit up. :|
Offline Profile Quote Post Goto Top
 
noeffects
Member Avatar

JFK, that is very strange.

So what are they up to ?.... It is a Web application company right?

Here is their take on themselves...
"If you use the Internet for anything – to download music or software, check the headlines, book a flight – you've probably used Akamai's services without even knowing it. We play a critical role in getting content from providers to consumers."
Offline Profile Quote Post Goto Top
 
SPreston
Member Avatar
Patriotic American

Quote:
 
Akamai's technology – at its core, applied mathematics and algorithms - has transformed the chaos of the Internet into a predictable, scalable, and secure platform for business and entertainment. The Akamai EdgePlatform comprises 34000 servers deployed in 70 countries that continually monitor the Internet – traffic, trouble spots and overall conditions. We use that information to intelligently optimize routes and replicate content for faster, more reliable delivery. As Akamai handles 20% of total Internet traffic today, our view of the Internet is the most comprehensive and dynamic collected anywhere.

We monitor that view in our Network Operations Command Center every minute of every day, to make sure that our platform and our customers' online operations are speeding along optimally. Our customers get their own global view through Akamai EdgeControl – a Web-based customer portal that gives them the insights and tools to provision and manage their online business. And anyone in the world can get a real-time view of key happenings on the Internet through Data Visualizations right here on the Akamai Web site.
http://www.akamai.com/html/technology/index.html

Offline Profile Quote Post Goto Top
 
JFK
Member Avatar

More of a server farm, on the surface.

They have ties to 212.143.180.100 which are no longer documented on their website.

Spoiler: click to toggle


You may want to check their client list. ;)
Offline Profile Quote Post Goto Top
 
PBnJ
Member Avatar
The Best Sandwich on Earth
Akamai has thousands of clients.. microsoft is one of them. Windows update is funneled through Akamai a lot, so getting probed by one of their servers is a result of that server attempting to find the best way to funnel information back to your client.

The fact that you think that a company is involved in some conspiracy because they had an employee on flight 11 is just... wow...

Maybe do some reading on HTTP 1.1 and general web-traffic instead of living in a world of techno-phobia?

By the way, welcome to 8 years ago...

http://news.cnet.com/2100-1023-244959.html
Offline Profile Quote Post Goto Top
 
JFK
Member Avatar

PBnJ
Jul 20 2008, 10:22 PM
Akamai has thousands of clients.. microsoft is one of them. Windows update is funneled through Akamai a lot, so getting probed by one of their servers is a result of that server attempting to find the best way to funnel information back to your client.

The fact that you think that a company is involved in some conspiracy because they had an employee on flight 11 is just... wow...

Maybe do some reading on HTTP 1.1 and general web-traffic instead of living in a world of techno-phobia?

By the way, welcome to 8 years ago...

http://news.cnet.com/2100-1023-244959.html
Nope. Turned off. ;)

Edit to add - As far as your link goes, you may want to reread this thread as far as the chain of events. :roll:
Edited by JFK, Jul 20 2008, 10:41 PM.
Offline Profile Quote Post Goto Top
 
PBnJ
Member Avatar
The Best Sandwich on Earth
Did you even read that article from CNet, the part where it stated:

Quote:
 
Akamai said the problem also can arise in a situation in which Internet users are assigned random Internet Protocol (IP) addresses, as is common with many consumer dial-up Internet service providers and corporate settings.

In this scenario, if someone improperly terminates a Web connection, the subsequent user of that IP address could wind up getting the querying packets.


Your dynamic IP got renewed and suddenly you got scanned, this is not really a cause for alarm.

Windows update isn't the only thing that uses Akamai services.. it's a localization management service, look at the list of their other clients:

http://www.akamai.com/html/customers/customer_list.html

Go ahead and block the traffic and see what breaks or if your connection to certain sites slows down significantly, lol.

MS, McAfee, Adobe,.. the list is gigantic.
Offline Profile Quote Post Goto Top
 
Sureshot
Member Avatar
Your glorious Loose Change Forum dictator...
Yeah as PBnJ said, Akami does a lot of the MS Update services. You'll see the URL as akami.net instead of microsoft.com
Edited by Sureshot, Jul 20 2008, 11:01 PM.
Offline Profile Quote Post Goto Top
 
tower
Member Avatar

I think it's some regular bot/worm scanning. As long as you have a firewall you should be safe.
Offline Profile Quote Post Goto Top
 
1 user reading this topic (1 Guest and 0 Anonymous)
ZetaBoards - Free Forum Hosting
Enjoy forums? Start your own community for free.
Learn More · Register for Free
« Previous Topic · The Lounge · Next Topic »
Add Reply