Well, my friend gave me this link. I'm sure you've all heard of it, phazeddl.com... Well he wanted me to check something out, so I did. Well, I'm against that sort of thing, but needless to say, my friend is not. But that's besides the point...
So I'm like, ok this is retarted and I exit the site, only to have like 3 port scans seconds later. I'm wasn't surprised...
Right off the bat, I know this is not a normal port scan because of the high port numbers they're scanning for, but big deal right? We get tons of these a day...Somebody is scanning your computer.
Your computer's UDP ports:
33458, 33459, 33460, and 33462 have been scanned from 170.224.176.49..
Well... I decided to trace it...
Alright, ISP I guess... But this is not what catches my eye... I do a whois on the hop above this and get:OrgName: Sequent Computer Systems, Incorporated
OrgID: SCS-65
Address: 1000 River Street
City: Essex Junction
StateProv: VT
PostalCode: 05452
Country: US
NetRange: 170.224.0.0 - 170.227.255.255
CIDR: 170.224.0.0/14
NetName: SEQUENT-B
NetHandle: NET-170-224-0-0-1
Parent: NET-170-0-0-0-0
NetType: Direct Assignment
NameServer: NS1.RALEIGH.USF.IBM.COM
NameServer: NS2.RALEIGH.USF.IBM.COM
Comment:
RegDate: 1995-04-21
Updated: 2001-04-06
TechHandle: ZI22-ARIN
TechName: IBM Corporation
TechPhone: +1-999-999-9999
TechEmail: [email protected]
# ARIN WHOIS database, last updated 2005-03-21 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database
If you guys havn't noticed yet I'll point it out to ya...OrgName: BellSouth.net Inc.
OrgID: BELL
Address: 575 Morosgo Drive
City: Atlanta
StateProv: GA
PostalCode: 30324
Country: US
ReferralServer: rwhois://rwhois.eng.bellsouth.net:4321
NetRange: 65.80.0.0 - 65.83.255.255
CIDR: 65.80.0.0/14
NetName: BELLSNET-BLK9
NetHandle: NET-65-80-0-0-1
Parent: NET-65-0-0-0-0
NetType: Direct Allocation
NameServer: NS.BELLSOUTH.NET
NameServer: NS.ATL.BELLSOUTH.NET
Comment:
Comment: For Abuse Issues, email [email protected]. NO ATTACHMENTS. Include IP
Comment: address, time/date, message header, and attack logs.
Comment: For Subpoena Request, email [email protected] with "SUBPOENA" in
Comment: the subject line. Law Enforcement Agencies ONLY, please.
RegDate: 2000-11-28
Updated: 2003-05-05
AbuseHandle: ABUSE81-ARIN
AbuseName: Abuse Group
AbusePhone: +1-404-499-5224
AbuseEmail: [email protected]
TechHandle: JG726-ARIN
TechName: Geurin, Joe
TechPhone: +1-404-499-5240
TechEmail: [email protected]
OrgAbuseHandle: ABUSE81-ARIN
OrgAbuseName: Abuse Group
OrgAbusePhone: +1-404-499-5224
OrgAbuseEmail: [email protected]
OrgTechHandle: JG726-ARIN
OrgTechName: Geurin, Joe
OrgTechPhone: +1-404-499-5240
OrgTechEmail: [email protected]
# ARIN WHOIS database, last updated 2005-03-21 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
I'm guessing by this that somehow they are now watching me now? Or trying to anyway? I find this pretty interesting, and something I for one havn't noticed before on any other whois I have done before...Comment: For Abuse Issues, email [email protected]. NO ATTACHMENTS. Include IP
Comment: address, time/date, message header, and attack logs.
Comment: For Subpoena Request, email [email protected] with "SUBPOENA" in
Comment: the subject line. Law Enforcement Agencies ONLY, please.
Just thought It might turn into a discussion, it's been pretty dead around here latly...
Reply With Quote