Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Spammer sending UDP packets to 1026. What can i do?

Posted on 2007-03-20
1
Medium Priority
?
507 Views
Last Modified: 2010-04-12
Using Kiwi syslog daemon, I have recently noticed a lot of inbound UDP and TCP/IP packets from 204.16.209.140 & 204.16.209.110 & 204.16.209.159 & 204.16.209.120 on many different ports including ports 1026. I assumed it was just some spammer trying to send pop-ups to anyone listening on 1027 but there are a lot of other ports they are sending UDP to. The whois returned the data below.  And I reported the traffic to their Abuse submission form. I doubt anything will happen.
         My question is, who else can I report this too? Besides blocking the IP range at my firewall, what else can I do to protect against it?  I'd like to forward the packets from that IP range to a linux box to get a look at them.

 Thanks for any help.


Search results for: 204.16.209.140


OrgName:    FAST COLOCATION SERVICES
OrgID:      FCS-73
Address:    3791 N. Edgewater Dr
City:       Wasilla
StateProv:  AK
PostalCode: 99654
Country:    US

NetRange:   204.16.208.0 - 204.16.211.255
CIDR:       204.16.208.0/22
NetName:    FC-BLK-1
NetHandle:  NET-204-16-208-0-1
Parent:     NET-204-0-0-0-0
NetType:    Direct Allocation
NameServer: SANDY.THEHIDEOUT.NET
NameServer: SANDY2.THEHIDEOUT.NET
Comment:    For Abuse Notices please visit http://www.fastcolocation.net/abuse/
RegDate:    2005-11-07
Updated:    2006-07-31

RAbuseHandle: NAD41-ARIN
RAbuseName:   NOC Abuse Department
RAbusePhone:  +1-703-637-6336
RAbuseEmail:  abusedept@fastcolocation.net

RNOCHandle: NOC1938-ARIN
RNOCName:   Network Operations Center
RNOCPhone:  +1-866-467-8946
RNOCEmail:  noc@fastcolocation.net

RTechHandle: NOC1938-ARIN
RTechName:   Network Operations Center
RTechPhone:  +1-866-467-8946
RTechEmail:  noc@fastcolocation.net

OrgAbuseHandle: NAD41-ARIN
OrgAbuseName:   NOC Abuse Department
OrgAbusePhone:  +1-703-637-6336
OrgAbuseEmail:  abusedept@fastcolocation.net

OrgTechHandle: NOC1938-ARIN
OrgTechName:   Network Operations Center
OrgTechPhone:  +1-866-467-8946
OrgTechEmail:  noc@fastcolocation.net

# ARIN WHOIS database, last updated 2007-03-19 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

0
Comment
Question by:msk100
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 8

Accepted Solution

by:
natcom earned 500 total points
ID: 18758208
there is not really much you can do. from what you already doing. the traffic  source can originate  from anywhere in the world spanners can just be using that  particular server for spanning make sure you have the messenger service disabled on all your systems.

perhaps a software firewall at OS level as well for extra protection.
0

Featured Post

Introducing the WatchGuard 420 Access Point

WatchGuard's newest access point includes an 802.11ac Wave 2 chipset, providing the fastest speeds for VoIP, video and music streaming, and large data file transfers. Additionally, enjoy the benefits of strong security as the 3rd radio delivers dedicated WIPS protection!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
How does someone stay on the right and legal side of the hacking world?
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question