The UK Home Automation Archive

Archive Home
Group Home
Search Archive


Advanced Search

The UKHA-ARCHIVE IS CEASING OPERATIONS 31 DEC 2024

Latest message you have seen: [OT] Vigor problems


[Message Prev][Message Next][Thread Prev][Thread Next][Message Index][Thread Index]

RE: [OT] Netgear Alerts


  • Subject: RE: [OT] Netgear Alerts
  • From: "Rowdy" <aoop43@xxxxxxxxxxxxx>
  • Date: Tue, 21 Feb 2006 17:29:38 -0000

Yes, were there before I used bittorrent, I'm on Pipex and my IP
address
never changes although it is officially dynamic.



I'll go round my pc's and try the command after see what it gives.



Like you say don't know why it's me, what is the point of the attack as
it's
not causing me much pain, or at least I don't think so, is there anything I
can do to stop it?



Cheers,



Keith



_____

From: ukha_d@xxxxxxx [mailto:ukha_d@xxxxxxx] On Behalf Of
Adrian
Sent: 21 February 2006 11:22
To: ukha_d@xxxxxxx
Subject: Re: [ukha_d] [OT] Netgear Alerts



were the 6882 popping up last week before you started using bittorrent?
is your ISP ip address fixed or dynamic?

port 50244 is listed as "client-port on Red Hat Linux 9.0, Fedora Core
1, Red Hat Enterprise 3" and "RPC based services, Windows
Messaging
Service."

either they are bogus (and your router is blocking as it should) or
maybe theres something on your pc(s) making out going calls to these
(less likely as router would then normally let connection back through)

one way to tell is run a "netstat -an" on the PC, this shows most
open
connections, you should be able to see if anything is trying to connect
to 50244

a quick tracert of some of those ip's address (95.29.173.232 &
106.168.60.247) show they dont appear to be routable which more probably
suggest a DOS attack

why they have choosen you who knows




Rowdy wrote:

>Adrian,
>
>
>
>Complete list:
>
>
>
>UDP Packet - Source:95.29.173.232,50244 Destination:62.190.238.4,1029 -
>[DOS]
>
>UDP Packet - Source:106.168.60.247,50244 Destination:62.190.238.4,1029
-
>[DOS]
>
>UDP Packet - Source:77.153.71.113,50244 Destination:62.190.238.4,1029 -
>[DOS]
>
>UDP Packet - Source:5.92.48.104,50244 Destination:62.190.238.4,1029 -
[DOS]
>
>UDP Packet - Source:61.31.152.222,50244 Destination:62.190.238.4,1028 -
>[DOS]
>
>UDP Packet - Source:220.168.158.13,34520 Destination:62.190.238.4,1031
-
>[DOS]
>
>UDP Packet - Source:103.66.226.58,50244 Destination:62.190.238.4,1029 -
>[DOS]
>
>UDP Packet - Source:31.5.203.176,50244 Destination:62.190.238.4,1028 -
[DOS]
>
>UDP Packet - Source:87.199.180.167,50244 Destination:62.190.238.4,1028
-
>[DOS]
>
>UDP Packet - Source:220.168.158.13,36626 Destination:62.190.238.4,1029
-
>[DOS]
>
>UDP Packet - Source:15.10.29.158,50244 Destination:62.190.238.4,1029 -
[DOS]
>
>TCP Packet - Source:70.157.108.240,50116 Destination:62.190.238.4,6882
-
>[DOS]
>
>TCP Packet - Source:192.192.217.99,1037 Destination:62.190.238.4,6882 -
>[DOS]
>
>TCP Packet - Source:85.222.13.9,4686 Destination:62.190.238.4,6882 -
[DOS]
>
>TCP Packet - Source:24.47.68.123,24454 Destination:62.190.238.4,6882 -
[DOS]
>
>TCP Packet - Source:128.226.233.56,2164 Destination:62.190.238.4,6882 -
>[DOS]
>
>TCP Packet - Source:70.84.189.146,57927 Destination:62.190.238.4,113 -
[DOS]
>
>
>TCP Packet - Source:68.171.1.235,10071 Destination:62.190.238.4,6882 -
[DOS]
>
>
>TCP Packet - Source:84.166.217.156,4261 Destination:62.190.238.4,6882 -
>[DOS]
>
>TCP Packet - Source:85.222.13.9,3237 Destination:62.190.238.4,6882 -
[DOS]
>
>TCP Packet - Source:71.193.184.240,3096 Destination:62.190.238.4,6882 -
>[DOS]
>
>UDP Packet - Source:56.174.104.122,50244 Destination:62.190.238.4,1028
-
>[DOS]
>
>TCP Packet - Source:70.80.5.221,3166 Destination:62.190.238.4,6882 -
[DOS]
>
>TCP Packet - Source:209.159.246.135,1100 Destination:62.190.238.4,6882
-
>[DOS]
>
>TCP Packet - Source:81.103.239.217,2604 Destination:62.190.238.4,6882 -
>[DOS]
>
>TCP Packet - Source:70.80.5.221,3166 Destination:62.190.238.4,6882 -
[DOS]
>
>TCP Packet - Source:85.182.115.111,2630 Destination:62.190.238.4,6882 -
>[DOS]
>
>TCP Packet - Source:85.228.149.38,36163 Destination:62.190.238.4,6882 -
>[DOS]
>
>TCP Packet - Source:216.239.82.65,60699 Destination:62.190.238.4,6882 -
>[DOS]
>
>TCP Packet - Source:68.158.245.39,4514 Destination:62.190.238.4,6882 -
[DOS]
>
>
>TCP Packet - Source:166.93.28.178,56144 Destination:62.190.238.4,6882 -
>[DOS]
>
>TCP Packet - Source:66.140.202.1,4799 Destination:62.190.238.4,6882 -
[DOS]

>
>TCP Packet - Source:83.67.114.241,61366 Destination:62.190.238.4,6882 -
>[DOS]
>
>TCP Packet - Source:67.87.33.207,3835 Destination:62.190.238.4,6882 -
[DOS]
>
>TCP Packet - Source:70.84.189.146,59353 Destination:62.190.238.4,113 -
[DOS]
>
>
>TCP Packet - Source:18.252.6.90,54567 Destination:62.190.238.4,6882 -
[DOS]
>
>
>
>I haven't used bittorrent for a while, but as it happens started using
it
>yesterday, but the messages have been coming since last week.
>
>
>
>Cheers
>
>
>
>Keith
>
>
>
>  _____
>
>From: ukha_d@xxxxxxx [mailto:ukha_d@xxxxxxx] On Behalf Of
>Adrian
>Sent: 21 February 2006 09:12
>To: ukha_d@xxxxxxx
>Subject: Re: [ukha_d] [OT] Netgear Alerts
>
>
>
>well i can tell you the 6882 is bittorrent (the second download file),
>do you use bittorrent?
>
>the 113 is a ident packet, a bit more unusual, what are the majority?
>
>Rowdy wrote:
>
>
>
>>Hi All,
>>
>>
>>
>>Seeing someone mentioned DOS attacks, over the last few days my
router has
>>started to send me emails with these messages, I'm not sure I
should be
>>worried or whether there is something I can do about it. It's only
ever
>>happed once before and that was a single email months ago, but at
the
>>
>>
>moment
>
>
>>I've had about 20 of the emails from the router in the last few
days.
>>
>>
>>
>>TCP Packet - Source:70.84.189.146,57927
Destination:62.190.238.4,113 -
>>
>>
>[DOS]
>
>
>>TCP Packet - Source:68.171.1.235,10071
Destination:62.190.238.4,6882 -
>>
>>
>[DOS]
>
>
>>TCP Packet - Source:84.166.217.156,4261
Destination:62.190.238.4,6882 -
>>[DOS] TCP Packet - Source:85.222.13.9,3237
Destination:62.190.238.4,6882 -
>>[DOS]
>>
>>
>>
>>Do I need to do anything?
>>
>>
>>
>>Thanks
>>
>>
>>
>>Keith
>>
>>
>>









SPONSORED LINKS


Home
<http://groups.yahoo.com/gads?t=ms&k=Home+repair+improvement&w1=Home+repair+
improvement&w2=Computer+stuff&w3=High&w4=Improvement&c=4&s=76&.sig=TcERUCDPQ
cJLbg9mtvQGJQ>  repair improvement

Computer
<http://groups.yahoo.com/gads?t=ms&k=Computer+stuff&w1=Home+repair+improveme
nt&w2=Computer+stuff&w3=High&w4=Improvement&c=4&s=76&.sig=plS9-eUUfaBXyLVFT8
7AJg>  stuff

High
<http://groups.yahoo.com/gads?t=ms&k=High&w1=Home+repair+improvement&w2=Comp
uter+stuff&w3=High&w4=Improvement&c=4&s=76&.sig=b5d547gPx7eFWNGqXQCl7A>


Improvement
<http://groups.yahoo.com/gads?t=ms&k=Improvement&w1=Home+repair+improvement&;
w2=Computer+stuff&w3=High&w4=Improvement&c=4&s=76&.sig=O6pw_oratTOwep2G_91fI
Q>







_____

YAHOO! GROUPS LINKS



*	 Visit your group "ukha_d <http://groups.yahoo.com/group/ukha_d>
"
on the web.

*	 To unsubscribe from this group, send an email to:
ukha_d-unsubscribe@xxxxxxx
<mailto:ukha_d-unsubscribe@xxxxxxx?subject=Unsubscribe>

*	 Your use of Yahoo! Groups is subject to the Yahoo!
<http://docs.yahoo.com/info/terms/>
 Terms of Service.



_____



[Non-text portions of this message have been removed]




UKHA_D Main Index | UKHA_D Thread Index | UKHA_D Home | Archives Home

Comments to the Webmaster are always welcomed, please use this contact form . Note that as this site is a mailing list archive, the Webmaster has no control over the contents of the messages. Comments about message content should be directed to the relevant mailing list.