msk100
asked on
Spammer sending UDP packets to 1026. What can i do?
Using Kiwi syslog daemon, I have recently noticed a lot of inbound UDP and TCP/IP packets from 204.16.209.140 & 204.16.209.110 & 204.16.209.159 & 204.16.209.120 on many different ports including ports 1026. I assumed it was just some spammer trying to send pop-ups to anyone listening on 1027 but there are a lot of other ports they are sending UDP to. The whois returned the data below. And I reported the traffic to their Abuse submission form. I doubt anything will happen.
My question is, who else can I report this too? Besides blocking the IP range at my firewall, what else can I do to protect against it? I'd like to forward the packets from that IP range to a linux box to get a look at them.
Thanks for any help.
Search results for: 204.16.209.140
OrgName: FAST COLOCATION SERVICES
OrgID: FCS-73
Address: 3791 N. Edgewater Dr
City: Wasilla
StateProv: AK
PostalCode: 99654
Country: US
NetRange: 204.16.208.0 - 204.16.211.255
CIDR: 204.16.208.0/22
NetName: FC-BLK-1
NetHandle: NET-204-16-208-0-1
Parent: NET-204-0-0-0-0
NetType: Direct Allocation
NameServer: SANDY.THEHIDEOUT.NET
NameServer: SANDY2.THEHIDEOUT.NET
Comment: For Abuse Notices please visit http://www.fastcolocation.net/abuse/
RegDate: 2005-11-07
Updated: 2006-07-31
RAbuseHandle: NAD41-ARIN
RAbuseName: NOC Abuse Department
RAbusePhone: +1-703-637-6336
RAbuseEmail: abusedept@fastcolocation.n et
RNOCHandle: NOC1938-ARIN
RNOCName: Network Operations Center
RNOCPhone: +1-866-467-8946
RNOCEmail: noc@fastcolocation.net
RTechHandle: NOC1938-ARIN
RTechName: Network Operations Center
RTechPhone: +1-866-467-8946
RTechEmail: noc@fastcolocation.net
OrgAbuseHandle: NAD41-ARIN
OrgAbuseName: NOC Abuse Department
OrgAbusePhone: +1-703-637-6336
OrgAbuseEmail: abusedept@fastcolocation.n et
OrgTechHandle: NOC1938-ARIN
OrgTechName: Network Operations Center
OrgTechPhone: +1-866-467-8946
OrgTechEmail: noc@fastcolocation.net
# ARIN WHOIS database, last updated 2007-03-19 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
My question is, who else can I report this too? Besides blocking the IP range at my firewall, what else can I do to protect against it? I'd like to forward the packets from that IP range to a linux box to get a look at them.
Thanks for any help.
Search results for: 204.16.209.140
OrgName: FAST COLOCATION SERVICES
OrgID: FCS-73
Address: 3791 N. Edgewater Dr
City: Wasilla
StateProv: AK
PostalCode: 99654
Country: US
NetRange: 204.16.208.0 - 204.16.211.255
CIDR: 204.16.208.0/22
NetName: FC-BLK-1
NetHandle: NET-204-16-208-0-1
Parent: NET-204-0-0-0-0
NetType: Direct Allocation
NameServer: SANDY.THEHIDEOUT.NET
NameServer: SANDY2.THEHIDEOUT.NET
Comment: For Abuse Notices please visit http://www.fastcolocation.net/abuse/
RegDate: 2005-11-07
Updated: 2006-07-31
RAbuseHandle: NAD41-ARIN
RAbuseName: NOC Abuse Department
RAbusePhone: +1-703-637-6336
RAbuseEmail: abusedept@fastcolocation.n
RNOCHandle: NOC1938-ARIN
RNOCName: Network Operations Center
RNOCPhone: +1-866-467-8946
RNOCEmail: noc@fastcolocation.net
RTechHandle: NOC1938-ARIN
RTechName: Network Operations Center
RTechPhone: +1-866-467-8946
RTechEmail: noc@fastcolocation.net
OrgAbuseHandle: NAD41-ARIN
OrgAbuseName: NOC Abuse Department
OrgAbusePhone: +1-703-637-6336
OrgAbuseEmail: abusedept@fastcolocation.n
OrgTechHandle: NOC1938-ARIN
OrgTechName: Network Operations Center
OrgTechPhone: +1-866-467-8946
OrgTechEmail: noc@fastcolocation.net
# ARIN WHOIS database, last updated 2007-03-19 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.