Results 1 to 2 of 2

Thread: Why is the world scanning me on port 61948?

  1. November 13th, 2010, 07:13 AM #1
    wiskic10_4
    wiskic10_4 is offline
    Senior Member wiskic10_4's Avatar
    Join Date
    Jan 2004
    Location
    Corpus Christi, TX
    Posts
    254

    Why is the world scanning me on port 61948?

    [edit]***PROBLEM RESOLVED. SEE SECOND POST***[/EDIT]

    Hey AO.

    I was doing my regular surfing earlier, and the connection seemed a little lagged. As I sometimes do, I pulled up the router admin page and just scoped it out. In checking my incoming log, which is empty 90% of the time, I saw several IP addresses attempting to connect on port 61948 (and a few others).

    I traced the IPs to California, Saudi Arabia and China. World-wide bot-net? Or proxies?

    This has been going on an hour or so now. I could just release my IP on my router and wait for ten minutes and grab a new one, and that would (maybe) get rid of the incoming traffic. It's not really bothering me, as these ports aren't listening on any of my computers. But I am curious as to why I'm being targeted, and particularly, why on that particular port?

    Any ideas?

    Here's a screenshot: http://www.jeremydeanonline.com/temp...Nov12_2010.jpg
    And some of the offending Source IPs:
    76.175.253.19
    119.6.59.170
    92.96.114.9
    116.47.88.76
    222.186.24.192

    I mean, I know that people perform scans all the time - is that what I'm seeing? Maybe I've just never caught one in progress on the router before. It seems to generate the log in "real-time" - meaning, when I click on "incoming log" it shows me only what's incoming for that instant, or maybe that 1 min interval/5 min interval/whatever.

    Also, does anyone know how to "beef-up" the logging capability of a Linksys router... seems like you used to be able to log in to them in a UNIX environment. I'd like to record all incoming activity with a time and date stamp in a text file and have it stored to a hard drive on my network once daily. I guess I need to RTFM...

    Anyway, thoughts, suggestions or criticisms are appreciated. Thanks!
    Last edited by wiskic10_4; November 13th, 2010 at 07:30 AM.
    My Corner of the Intarwebz: Jeremy Dean Online
    Reply With Quote Reply With Quote
  2. November 13th, 2010, 07:22 AM #2
    wiskic10_4
    wiskic10_4 is offline
    Senior Member wiskic10_4's Avatar
    Join Date
    Jan 2004
    Location
    Corpus Christi, TX
    Posts
    254
    Or how about I'm a jackass.

    I have uTorrent configured for port 61948 on my Slack Server. Even though it's not running, I guess the tracker for files I've seeded still has me listed as a seed? So leeches are still trying to connect to me. That makes sense, right? *facepalm*

    I'm still interested to know if anyone has ideas for better logging on the router though. Thanks!
    Last edited by wiskic10_4; November 13th, 2010 at 07:31 AM.
    My Corner of the Intarwebz: Jeremy Dean Online
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Similar Threads

  1. Help with Trojans!!!
    By Jubei_Yagyu_14 in forum Newbie Security Questions
    Replies: 19
    Last Post: February 19th, 2004, 08:42 PM
  2. How well protected are you?
    By valhallen in forum Web Security
    Replies: 39
    Last Post: January 2nd, 2004, 03:27 AM
  3. ports
    By hatebreed2000 in forum AntiOnline's General Chit Chat
    Replies: 1
    Last Post: March 14th, 2003, 06:36 AM
  4. Did hax0rs lab leave a backdoor?
    By July in forum AntiOnline's General Chit Chat
    Replies: 7
    Last Post: March 9th, 2003, 12:24 AM
  5. My firewall block this attempt.. but need info
    By LordChaos in forum Firewall & Honeypot Discussions
    Replies: 19
    Last Post: October 4th, 2002, 11:58 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules