-
November 13th, 2010, 07:13 AM
#1
Why is the world scanning me on port 61948?
[edit]***PROBLEM RESOLVED. SEE SECOND POST***[/EDIT]
Hey AO.
I was doing my regular surfing earlier, and the connection seemed a little lagged. As I sometimes do, I pulled up the router admin page and just scoped it out. In checking my incoming log, which is empty 90% of the time, I saw several IP addresses attempting to connect on port 61948 (and a few others).
I traced the IPs to California, Saudi Arabia and China. World-wide bot-net? Or proxies?
This has been going on an hour or so now. I could just release my IP on my router and wait for ten minutes and grab a new one, and that would (maybe) get rid of the incoming traffic. It's not really bothering me, as these ports aren't listening on any of my computers. But I am curious as to why I'm being targeted, and particularly, why on that particular port?
Any ideas?
Here's a screenshot: http://www.jeremydeanonline.com/temp...Nov12_2010.jpg
And some of the offending Source IPs:
76.175.253.19
119.6.59.170
92.96.114.9
116.47.88.76
222.186.24.192
I mean, I know that people perform scans all the time - is that what I'm seeing? Maybe I've just never caught one in progress on the router before. It seems to generate the log in "real-time" - meaning, when I click on "incoming log" it shows me only what's incoming for that instant, or maybe that 1 min interval/5 min interval/whatever.
Also, does anyone know how to "beef-up" the logging capability of a Linksys router... seems like you used to be able to log in to them in a UNIX environment. I'd like to record all incoming activity with a time and date stamp in a text file and have it stored to a hard drive on my network once daily. I guess I need to RTFM...
Anyway, thoughts, suggestions or criticisms are appreciated. Thanks!
Last edited by wiskic10_4; November 13th, 2010 at 07:30 AM.
-
November 13th, 2010, 07:22 AM
#2
Or how about I'm a jackass.
I have uTorrent configured for port 61948 on my Slack Server. Even though it's not running, I guess the tracker for files I've seeded still has me listed as a seed? So leeches are still trying to connect to me. That makes sense, right? *facepalm*
I'm still interested to know if anyone has ideas for better logging on the router though. Thanks!
Last edited by wiskic10_4; November 13th, 2010 at 07:31 AM.
Similar Threads
-
By Jubei_Yagyu_14 in forum Newbie Security Questions
Replies: 19
Last Post: February 19th, 2004, 08:42 PM
-
By valhallen in forum Web Security
Replies: 39
Last Post: January 2nd, 2004, 03:27 AM
-
By hatebreed2000 in forum AntiOnline's General Chit Chat
Replies: 1
Last Post: March 14th, 2003, 06:36 AM
-
By July in forum AntiOnline's General Chit Chat
Replies: 7
Last Post: March 9th, 2003, 12:24 AM
-
By LordChaos in forum Firewall & Honeypot Discussions
Replies: 19
Last Post: October 4th, 2002, 11:58 AM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|