Solved

Spammer sending UDP packets to 1026. What can i do?

Posted on 2007-03-20
1
481 Views
Last Modified: 2010-04-12
Using Kiwi syslog daemon, I have recently noticed a lot of inbound UDP and TCP/IP packets from 204.16.209.140 & 204.16.209.110 & 204.16.209.159 & 204.16.209.120 on many different ports including ports 1026. I assumed it was just some spammer trying to send pop-ups to anyone listening on 1027 but there are a lot of other ports they are sending UDP to. The whois returned the data below.  And I reported the traffic to their Abuse submission form. I doubt anything will happen.
         My question is, who else can I report this too? Besides blocking the IP range at my firewall, what else can I do to protect against it?  I'd like to forward the packets from that IP range to a linux box to get a look at them.

 Thanks for any help.


Search results for: 204.16.209.140


OrgName:    FAST COLOCATION SERVICES
OrgID:      FCS-73
Address:    3791 N. Edgewater Dr
City:       Wasilla
StateProv:  AK
PostalCode: 99654
Country:    US

NetRange:   204.16.208.0 - 204.16.211.255
CIDR:       204.16.208.0/22
NetName:    FC-BLK-1
NetHandle:  NET-204-16-208-0-1
Parent:     NET-204-0-0-0-0
NetType:    Direct Allocation
NameServer: SANDY.THEHIDEOUT.NET
NameServer: SANDY2.THEHIDEOUT.NET
Comment:    For Abuse Notices please visit http://www.fastcolocation.net/abuse/
RegDate:    2005-11-07
Updated:    2006-07-31

RAbuseHandle: NAD41-ARIN
RAbuseName:   NOC Abuse Department
RAbusePhone:  +1-703-637-6336
RAbuseEmail:  abusedept@fastcolocation.net

RNOCHandle: NOC1938-ARIN
RNOCName:   Network Operations Center
RNOCPhone:  +1-866-467-8946
RNOCEmail:  noc@fastcolocation.net

RTechHandle: NOC1938-ARIN
RTechName:   Network Operations Center
RTechPhone:  +1-866-467-8946
RTechEmail:  noc@fastcolocation.net

OrgAbuseHandle: NAD41-ARIN
OrgAbuseName:   NOC Abuse Department
OrgAbusePhone:  +1-703-637-6336
OrgAbuseEmail:  abusedept@fastcolocation.net

OrgTechHandle: NOC1938-ARIN
OrgTechName:   Network Operations Center
OrgTechPhone:  +1-866-467-8946
OrgTechEmail:  noc@fastcolocation.net

# ARIN WHOIS database, last updated 2007-03-19 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

0
Comment
Question by:msk100
1 Comment
 
LVL 8

Accepted Solution

by:
natcom earned 125 total points
ID: 18758208
there is not really much you can do. from what you already doing. the traffic  source can originate  from anywhere in the world spanners can just be using that  particular server for spanning make sure you have the messenger service disabled on all your systems.

perhaps a software firewall at OS level as well for extra protection.
0

Featured Post

Network it in WD Red

There's an industry-leading WD Red drive for every compatible NAS system to help fulfill your data storage needs. With drives up to 8TB, WD Red offers a wide array of solutions for customers looking to build the biggest, best-performing NAS storage solution.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Limited admins with shutdown and restart rights 3 56
Trunk and Port Security 4 41
Sonicwall blocks a site 49 57
Recycle bin software for network mapped drives? 8 21
A Bare Metal Image backup allows for the restore of an entire system to a similar or dissimilar hardware. They are highly useful for migrations and disaster recovery. Bare Metal Image backups support Full and Incremental backups. Differential backup…
In this article, I will show you HOW TO: Perform a Physical to Virtual (P2V) Conversion the easy way from a computer backup (image).
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now