Solved

Spammer sending UDP packets to 1026. What can i do?

Posted on 2007-03-20
1
485 Views
Last Modified: 2010-04-12
Using Kiwi syslog daemon, I have recently noticed a lot of inbound UDP and TCP/IP packets from 204.16.209.140 & 204.16.209.110 & 204.16.209.159 & 204.16.209.120 on many different ports including ports 1026. I assumed it was just some spammer trying to send pop-ups to anyone listening on 1027 but there are a lot of other ports they are sending UDP to. The whois returned the data below.  And I reported the traffic to their Abuse submission form. I doubt anything will happen.
         My question is, who else can I report this too? Besides blocking the IP range at my firewall, what else can I do to protect against it?  I'd like to forward the packets from that IP range to a linux box to get a look at them.

 Thanks for any help.


Search results for: 204.16.209.140


OrgName:    FAST COLOCATION SERVICES
OrgID:      FCS-73
Address:    3791 N. Edgewater Dr
City:       Wasilla
StateProv:  AK
PostalCode: 99654
Country:    US

NetRange:   204.16.208.0 - 204.16.211.255
CIDR:       204.16.208.0/22
NetName:    FC-BLK-1
NetHandle:  NET-204-16-208-0-1
Parent:     NET-204-0-0-0-0
NetType:    Direct Allocation
NameServer: SANDY.THEHIDEOUT.NET
NameServer: SANDY2.THEHIDEOUT.NET
Comment:    For Abuse Notices please visit http://www.fastcolocation.net/abuse/
RegDate:    2005-11-07
Updated:    2006-07-31

RAbuseHandle: NAD41-ARIN
RAbuseName:   NOC Abuse Department
RAbusePhone:  +1-703-637-6336
RAbuseEmail:  abusedept@fastcolocation.net

RNOCHandle: NOC1938-ARIN
RNOCName:   Network Operations Center
RNOCPhone:  +1-866-467-8946
RNOCEmail:  noc@fastcolocation.net

RTechHandle: NOC1938-ARIN
RTechName:   Network Operations Center
RTechPhone:  +1-866-467-8946
RTechEmail:  noc@fastcolocation.net

OrgAbuseHandle: NAD41-ARIN
OrgAbuseName:   NOC Abuse Department
OrgAbusePhone:  +1-703-637-6336
OrgAbuseEmail:  abusedept@fastcolocation.net

OrgTechHandle: NOC1938-ARIN
OrgTechName:   Network Operations Center
OrgTechPhone:  +1-866-467-8946
OrgTechEmail:  noc@fastcolocation.net

# ARIN WHOIS database, last updated 2007-03-19 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

0
Comment
Question by:msk100
1 Comment
 
LVL 8

Accepted Solution

by:
natcom earned 125 total points
ID: 18758208
there is not really much you can do. from what you already doing. the traffic  source can originate  from anywhere in the world spanners can just be using that  particular server for spanning make sure you have the messenger service disabled on all your systems.

perhaps a software firewall at OS level as well for extra protection.
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question