| Welcome! You're currently viewing our forum as a guest. This means you are limited to certain areas of the board and there are some features you can't use. If you join our community, you'll be able to access member-only sections, and use many member-only features such as customizing your profile, sending personal messages, and voting in polls. Registration is simple, fast, and completely free. Join our community! |
| Getting hammered. | |
|---|---|
| Tweet Topic Started: Jul 20 2008, 12:41 PM (350 Views) | |
| JFK | Jul 20 2008, 12:41 PM Post #1 |
![]()
|
First an attempt to ssh via port 22 then an ms sql at port 1434 and since then the repeated attempts on port 50615.... With the origin in Ashburn, Va. Is this happening to anyone else ? |
![]() |
|
| Andoo Inc. | Jul 20 2008, 01:14 PM Post #2 |
|
Sir finds a lot
|
I'm smart, but right now I feel dumb/confused |
![]() |
|
| JFK | Jul 20 2008, 01:28 PM Post #3 |
![]()
|
Sorry. It looks like someone is bringing a "bot army" online and thinks my computer is one of the "soldiers" in that army. There are over 6000 unique IP's thus far in that "army". I have all my ports stealthed so my computer is not responding to those requests, however I am logging the attempts. I wonder who the intended "victim" is.
|
![]() |
|
| Sureshot | Jul 20 2008, 02:53 PM Post #4 |
![]()
Your glorious Loose Change Forum dictator...
|
Your computer might be a soldier in the bot army. All it takes is a backdoor trojan. The only way to totally neutralize it is a fresh install, and guaranteed it won't remain.
|
![]() |
|
| JFK | Jul 20 2008, 03:04 PM Post #5 |
![]()
|
No, nothing unusual outgoing, and all incoming ports are stealthed here. over 8000 unique incoming requests which have been ignored and logged thus far. |
![]() |
|
| JFK | Jul 20 2008, 05:56 PM Post #6 |
![]()
|
Neat... the lease on my IP ran out, I was assigned a new one and immediately was port scanned from 50276 - 50609..... By AKAMAI. ( 64.86.106.78 ) Everyone here knows whose company that is, correct ? |
![]() |
|
| alexvegas | Jul 20 2008, 06:25 PM Post #7 |
|
alex25smash
|
Thought this was about getting pissed. Which is English for getting drunk... also known as getting hammered. |
![]() |
|
| JFK | Jul 20 2008, 06:33 PM Post #8 |
![]()
|
Yes, I know what getting pissed means. About AKAMAI.... http://www.akamai.com/html/about/management_dl.html ![]() ![]() Seriously, you can't make this shit up.
|
![]() |
|
| noeffects | Jul 20 2008, 08:47 PM Post #9 |
![]()
|
JFK, that is very strange. So what are they up to ?.... It is a Web application company right? Here is their take on themselves... "If you use the Internet for anything – to download music or software, check the headlines, book a flight – you've probably used Akamai's services without even knowing it. We play a critical role in getting content from providers to consumers." |
![]() |
|
| SPreston | Jul 20 2008, 08:59 PM Post #10 |
|
Patriotic American
|
|
![]() |
|
| JFK | Jul 20 2008, 09:02 PM Post #11 |
![]()
|
More of a server farm, on the surface. They have ties to 212.143.180.100 which are no longer documented on their website. Spoiler: click to toggle You may want to check their client list.
|
![]() |
|
| PBnJ | Jul 20 2008, 10:22 PM Post #12 |
|
The Best Sandwich on Earth
|
Akamai has thousands of clients.. microsoft is one of them. Windows update is funneled through Akamai a lot, so getting probed by one of their servers is a result of that server attempting to find the best way to funnel information back to your client. The fact that you think that a company is involved in some conspiracy because they had an employee on flight 11 is just... wow... Maybe do some reading on HTTP 1.1 and general web-traffic instead of living in a world of techno-phobia? By the way, welcome to 8 years ago... http://news.cnet.com/2100-1023-244959.html |
![]() |
|
| JFK | Jul 20 2008, 10:38 PM Post #13 |
![]()
|
Nope. Turned off. Edit to add - As far as your link goes, you may want to reread this thread as far as the chain of events.
Edited by JFK, Jul 20 2008, 10:41 PM.
|
![]() |
|
| PBnJ | Jul 20 2008, 11:01 PM Post #14 |
|
The Best Sandwich on Earth
|
Did you even read that article from CNet, the part where it stated:
Your dynamic IP got renewed and suddenly you got scanned, this is not really a cause for alarm. Windows update isn't the only thing that uses Akamai services.. it's a localization management service, look at the list of their other clients: http://www.akamai.com/html/customers/customer_list.html Go ahead and block the traffic and see what breaks or if your connection to certain sites slows down significantly, lol. MS, McAfee, Adobe,.. the list is gigantic. |
![]() |
|
| Sureshot | Jul 20 2008, 11:01 PM Post #15 |
![]()
Your glorious Loose Change Forum dictator...
|
Yeah as PBnJ said, Akami does a lot of the MS Update services. You'll see the URL as akami.net instead of microsoft.com
Edited by Sureshot, Jul 20 2008, 11:01 PM.
|
![]() |
|
| tower | Jul 21 2008, 01:19 AM Post #16 |
![]()
|
I think it's some regular bot/worm scanning. As long as you have a firewall you should be safe. |
![]() |
|
| 1 user reading this topic (1 Guest and 0 Anonymous) | |
| « Previous Topic · The Lounge · Next Topic » |








The only way to totally neutralize it is a fresh install, and guaranteed it won't remain.
Yes, I know what getting pissed means. 




9:16 AM Jul 11