Solved

Spammer sending UDP packets to 1026. What can i do?

Posted on 2007-03-20
1
489 Views
Last Modified: 2010-04-12
Using Kiwi syslog daemon, I have recently noticed a lot of inbound UDP and TCP/IP packets from 204.16.209.140 & 204.16.209.110 & 204.16.209.159 & 204.16.209.120 on many different ports including ports 1026. I assumed it was just some spammer trying to send pop-ups to anyone listening on 1027 but there are a lot of other ports they are sending UDP to. The whois returned the data below.  And I reported the traffic to their Abuse submission form. I doubt anything will happen.
         My question is, who else can I report this too? Besides blocking the IP range at my firewall, what else can I do to protect against it?  I'd like to forward the packets from that IP range to a linux box to get a look at them.

 Thanks for any help.


Search results for: 204.16.209.140


OrgName:    FAST COLOCATION SERVICES
OrgID:      FCS-73
Address:    3791 N. Edgewater Dr
City:       Wasilla
StateProv:  AK
PostalCode: 99654
Country:    US

NetRange:   204.16.208.0 - 204.16.211.255
CIDR:       204.16.208.0/22
NetName:    FC-BLK-1
NetHandle:  NET-204-16-208-0-1
Parent:     NET-204-0-0-0-0
NetType:    Direct Allocation
NameServer: SANDY.THEHIDEOUT.NET
NameServer: SANDY2.THEHIDEOUT.NET
Comment:    For Abuse Notices please visit http://www.fastcolocation.net/abuse/
RegDate:    2005-11-07
Updated:    2006-07-31

RAbuseHandle: NAD41-ARIN
RAbuseName:   NOC Abuse Department
RAbusePhone:  +1-703-637-6336
RAbuseEmail:  abusedept@fastcolocation.net

RNOCHandle: NOC1938-ARIN
RNOCName:   Network Operations Center
RNOCPhone:  +1-866-467-8946
RNOCEmail:  noc@fastcolocation.net

RTechHandle: NOC1938-ARIN
RTechName:   Network Operations Center
RTechPhone:  +1-866-467-8946
RTechEmail:  noc@fastcolocation.net

OrgAbuseHandle: NAD41-ARIN
OrgAbuseName:   NOC Abuse Department
OrgAbusePhone:  +1-703-637-6336
OrgAbuseEmail:  abusedept@fastcolocation.net

OrgTechHandle: NOC1938-ARIN
OrgTechName:   Network Operations Center
OrgTechPhone:  +1-866-467-8946
OrgTechEmail:  noc@fastcolocation.net

# ARIN WHOIS database, last updated 2007-03-19 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

0
Comment
Question by:msk100
1 Comment
 
LVL 8

Accepted Solution

by:
natcom earned 125 total points
ID: 18758208
there is not really much you can do. from what you already doing. the traffic  source can originate  from anywhere in the world spanners can just be using that  particular server for spanning make sure you have the messenger service disabled on all your systems.

perhaps a software firewall at OS level as well for extra protection.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question