View Full Version : Port 6057 getting hammered
dangitall
April 3rd, 2004, 11:21 AM
Something that appears to have started recently: my port 6057 is getting constant hits from 66.90.79.74. SmartWhoIs tells me that this address belongs to someone/-thing called FDCServers.net LLC in Chicago. ZoneAlarm is blocking these hits, but I'd like to know if anyone has any info regarding this phenomenon.
Thanks!
Shockem
April 3rd, 2004, 12:20 PM
66.90.64.0 - 66.90.127.255
FDCservers.net LLC
141 West Jackson Blvd, Suite 1135
US
66.90.79.64 - 66.90.79.95
FDCservers.net LLC FDCSERVERSNET (NET-66-90-64-80-1) 66.90.64.80 - 66.90.64.87
FDCservers.net LLC FDCSERVERSNET (NET-66-90-66-128-1) 66.90.66.128 - 66.90.66.159
FDCservers.net LLC FDCSERVERSNET (NET-66-90-64-56-1) 66.90.64.56 - 66.90.64.63
FDCservers.net LLC FDCSERVERSNET (NET-66-90-87-0-1) 66.90.87.0 - 66.90.87.15
FDCservers.net LLC FDCSERVERSNET (NET-66-90-68-0-1) 66.90.68.0 - 66.90.68.63
FDCservers.net LLC FDCSERVERSNET (NET-66-90-70-224-1) 66.90.70.224 - 66.90.70.255
FDCservers.net LLC FDCSERVERSNET (NET-66-90-71-192-1) 66.90.71.192 - 66.90.71.255
FDCservers.net LLC FDCSERVERSNET (NET-66-90-82-96-1) 66.90.82.96 - 66.90.82.127
FDCservers.net LLC FDCSERVERSNET (NET-66-90-81-64-1) 66.90.81.64 - 66.90.81.127
FDCservers.net LLC FDCSERVERSNET (NET-66-90-81-0-1) 66.90.81.0 - 66.90.81.63
FDCservers.net LLC FDCSERVERSNET (NET-66-90-79-64-1) 66.90.79.64 - 66.90.79.95
FDCservers.net LLC FDCSERVERSNET (NET-66-90-75-64-1) 66.90.75.64 - 66.90.75.127
FDCservers.net LLC FDCSERVERSNET (NET-66-90-86-8-1) 66.90.86.8 - 66.90.86.15
FDCservers.net LLC FDCSERVERSNET (NET-66-90-79-96-1) 66.90.79.96 - 66.90.79.127
FDCserversNET FDCSERVERSNET (NET-66-90-65-216-1) 66.90.65.216 - 66.90.65.223
FDCserversNET FDCSERVERSNET (NET-66-90-79-192-1) 66.90.79.192 - 66.90.79.207
FDCserversNET FDCSERVERSNET (NET-66-90-78-208-1) 66.90.78.208 - 66.90.78.223
FDCserversNET FDCSERVERSNET (NET-66-90-79-144-1) 66.90.79.144 - 66.90.79.159
FDCserversNET FDCSERVERSNET (NET-66-90-73-0-1) 66.90.73.0 - 66.90.73.255
FDCserversnet FDCSERVERSNET (NET-66-90-65-208-1) 66.90.65.208 - 66.90.65.215
FDCserversNET FDCSERVERSNET (NET-66-90-78-0-1) 66.90.78.0 - 66.90.78.15
FDCserversnet FDCSERVERSNET (NET-66-90-65-208-1) 66.90.65.208 - 66.90.65.215
FDCserversNET FDCSERVERSNET (NET-66-90-78-0-1) 66.90.78.0 - 66.90.78.15
FDCserversNET FDCSERVERSNET (NET-66-90-65-216-1) 66.90.65.216 - 66.90.65.223
FDCserversNET FDCSERVERSNET (NET-66-90-79-192-1) 66.90.79.192 - 66.90.79.207
FDCserversNET FDCSERVERSNET (NET-66-90-78-208-1) 66.90.78.208 - 66.90.78.223
FDCserversNET FDCSERVERSNET (NET-66-90-79-144-1) 66.90.79.144 - 66.90.79.159
FDCserversNET FDCSERVERSNET (NET-66-90-73-0-1) 66.90.73.0 - 66.90.73.255
Jooske
April 3rd, 2004, 01:00 PM
Port 6057 = X11 - X Window System
CustName: FDCservers.net LLC
Address: 141 w jackson blvd #1135
City: Chicago
StateProv: IL
PostalCode: 60604
Country: US
RegDate: 2003-11-12
Updated: 2003-11-12
NetRange: 66.90.79.64 - 66.90.79.95
CIDR: 66.90.79.64/27
NetName: FDCSERVERSNET
NetHandle: NET-66-90-79-64-1
Parent: NET-66-90-64-0-1
NetType: Reassigned
Comment:
RegDate: 2003-11-12
Updated: 2003-11-12
OrgAbuseHandle: ABUSE438-ARIN
OrgAbuseName: ABUSE department
OrgAbusePhone: +1-312-913-9304
OrgAbuseEmail: abuse@fdcservers.net
OrgNOCHandle: NOC1402-ARIN
OrgNOCName: Network Operations Center
OrgNOCPhone: +1-312-913-9304
OrgNOCEmail: support@fdcservers.net
OrgTechHandle: PKR5-ARIN
OrgTechName: Kral, Petr
OrgTechPhone: +1-312-933-1046
OrgTechEmail: petr@fdcservers.net
# ARIN WHOIS database, last updated 2004-04-02 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.
My automatic whois in Port Explorer gives me this, so you know where to complain.
You can do more blocking with the ZAPro like excluding that IP range from reaching your system at all or adding some expert rules (the experts in this forum can help you with that -- that's what it are expert rules for!)
Get a (free) evaluation of Port Explorer at the www.diamondcs.com.au site and spy in the connections, block and/or kill them, at least you can do something and see what they are trying to bomb you with and if it could be related to anything on your system (most probably not, but with that you know for sure!)
dangitall
April 3rd, 2004, 06:36 PM
Thanks, Shockem and Jooske. The free version of ZA, which is what I'm currently running, was blocking all of the hits, so I don't expect that anything untoward occurred.
I will, however, be contacting the source to see if they can offer any info - just to settle my own curiosity.
Jooske
April 3rd, 2004, 09:05 PM
Yes, think it's good to contact them, and i would try the Port Explorer to detect in the blink of an eye if anything on your system would be connected to the problem, anything listening on that port, some application you're not aware off, whatever it could be.
Your ZA log should convince them already, while PE gives you some tools in hands to detect and do some more.
If this doesn't solve enough you might like to post a Hijackthis log in the HJT forum for the experts to look for you.
dangitall
April 3rd, 2004, 09:18 PM
Thank you, Jooske - I'll keep PortExplorer in mind, and I'll post back with any response I receive from FDCServers. If I start noticing problems that I can't trace and repair myself, I know where to place a HijackThis log.
Thanks again. :)
vBulletin® Copyright ©2000-2012, Jelsoft Enterprises Ltd.
Copyright ©2002 - 2012, Wilders Security Forums