For a few days I have had a huge number of IPs trying to access something on UDP port 10619...

I have a Shorewall running on a dynamic DSL provider, which gets a new IP every 24 hours, so maybe those IPs are trying to access some service, but I doubt it...

Anyone seen some activity on UDP 10619 lately? Is there some new trojan, virus or something floating around?

They are flooding the logs with their connect requests...

Can I exclude these error messages for this port temporarily from logging in Shorewall?

Cheers and thanks,
andy

On Wed, 2003-01-08 at 15:50, Andreas Bittner wrote:
> since a few days i have a huge number of ips trying to access something on
> UDP port 10619...

Andreas,
IANA doesn't show any information for UDP 10619, so I'm not sure what service they're trying to access. A Google search does find quite a few squid references with UDP 10619.

http://www.iana.org/assignments/port-numbers

> i have a shorewall running on a dynamic dsl provider, which gets a new ip
> every 24 hours, so maybe those ips are trying to access some service, but i
> doubt it...
>
> anyone seen some activity on udp 10619 lately? is there some new trojan,
> virus or something floating around?

Not that I'm aware of. Have you performed an external/internal audit of your firewall/network lately? Nessus (nessus.org) is a good tool to use for this.

> they are flooding the logs with their connect requests...
>
> can i exclude these error messages for this port temporarily from logging in
> shorewall?

Yes, but that won't tell you what is going on. I find it's more comforting to actually find the cause of the problem before ignoring it.

--
Mike Noyes <mhnoyes @ users.sourceforge.net>
http://sourceforge.net/users/mhnoyes/
http://leaf-project.org/
http://sitedocs.sf.net/
http://ffl.sf.net/

Without seeing the actual logged entries I wouldn't really know how to best tell. This isn't a registered service (with IANA or others) and isn't a known trojan in the lists I know. If you are up to a bit of sleuthing, you can use the helpful diagnostics at the site listed below to determine what it might be.....

Wayne

GOOD FIREWALL HITS DIAGNOSTIC SITE:
http://www.robertgraham.com/pubs/firewall-seen.html

> From: "Andreas Bittner" <bittner@rz.fh-heilbronn.de>
>
> since a few days i have a huge number of ips trying to access something
> on UDP port 10619...
>
> i have a shorewall running on a dynamic dsl provider, which gets a new
> ip every 24 hours, so maybe those ips are trying to access some service,
> but i doubt it...
>
> anyone seen some activity on udp 10619 lately? is there some new trojan,
> virus or something floating around?
>
> they are flooding the logs with their connect requests...
>
> can i exclude these error messages for this port temporarily from
> logging in shorewall?
>
>
> cheers and thanks,
> andy
>

()  Join the ASCII ribbon campaign against HTML email
/\  and Microsoft specific attachments.

If I wanted to read HTML, I would have visited your website!
Support open standards.
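
Added example, not part of any message in this thread: one way to look at the actual logged entries before deciding whether to silence them is to summarize the firewall log per destination port (hits, distinct sources, source ports, packet lengths). It assumes netfilter LOG lines carrying Shorewall's default `Shorewall:<chain>:<disposition>:` prefix; the sample lines and addresses are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: netfilter LOG lines with Shorewall's default log prefix.
# Addresses come from documentation ranges, not from the thread.
SAMPLE_LOG = """\
Jan  8 15:40:01 fw kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=203.0.113.5 LEN=47 TOS=0x00 PREC=0x00 TTL=115 ID=4021 PROTO=UDP SPT=4672 DPT=10619 LEN=27
Jan  8 15:40:09 fw kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=203.0.113.5 LEN=47 TOS=0x00 PREC=0x00 TTL=115 ID=4022 PROTO=UDP SPT=4672 DPT=10619 LEN=27
Jan  8 15:40:12 fw kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=203.0.113.5 LEN=47 TOS=0x00 PREC=0x00 TTL=112 ID=911 PROTO=UDP SPT=4672 DPT=10619 LEN=27
Jan  8 15:40:30 fw kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=198.51.100.99 DST=203.0.113.5 LEN=63 TOS=0x00 PREC=0x00 TTL=49 ID=77 PROTO=UDP SPT=2301 DPT=10619 LEN=43
Jan  8 15:41:02 fw kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=203.0.113.5 LEN=47 TOS=0x00 PREC=0x00 TTL=115 ID=4023 PROTO=UDP SPT=4672 DPT=10619 LEN=27
Jan  8 15:41:05 fw kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=203.0.113.5 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=912 DF PROTO=TCP SPT=3312 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
REQUIRED = {"SRC", "SPT", "DPT", "LEN"}


def parse(line):
    """Return the KEY=value fields of one netfilter LOG line, or None."""
    if "PROTO=" not in line:
        return None  # not a packet log entry
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)  # keep the first LEN (IP length); UDP repeats LEN
    return fields


def summarize(lines, proto="UDP"):
    """Group logged packets of one protocol by destination port."""
    ports = defaultdict(lambda: {"hits": 0, "sources": Counter(),
                                 "sports": set(), "lengths": set()})
    for line in lines:
        f = parse(line)
        if not f or f.get("PROTO") != proto or not REQUIRED <= f.keys():
            continue
        entry = ports[int(f["DPT"])]
        entry["hits"] += 1
        entry["sources"][f["SRC"]] += 1
        entry["sports"].add(int(f["SPT"]))
        entry["lengths"].add(int(f["LEN"]))
    return dict(ports)


if __name__ == "__main__":
    for port, e in sorted(summarize(SAMPLE_LOG.splitlines()).items()):
        print(f"udp/{port}: {e['hits']} hits from {len(e['sources'])} sources, "
              f"source ports {sorted(e['sports'])}, IP lengths {sorted(e['lengths'])}")
        for src, count in e["sources"].most_common(5):
            print(f"  {count:4d} {src}")
```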