Many hits on 6129

Discussion in 'other security issues & news' started by Jooske, Jan 25, 2004.

Thread Status:
Not open for further replies.
  1. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Noticing at the moment many hits on TCP 6129, originating from port 220 from many different sources.
    It could be a remote dameware problem, others say maybe the new sub7.3
    Not sure yet. Any information available?
    See also this discussion at DSLR forums.
    http://www.dslreports.com/forum/remark,8858122~mode=flat
     
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2004-01/0024.html

    these are some of the ip's the probe is coming from
    several of the sites I visited seem to think it is a bot.
    These are results, since last sunday,
    the ip's originating the probe:


    2 12.18.102.139
    2 129.24.31.243
    2 193.175.236.28
    2 194.42.22.134
    3 195.110.84.82
    2 195.199.185.1
    2 199.0.194.131
    2 204.87.98.143
    1 206.135.39.149
    2 211.106.27.225
    2 212.100.101.200
    2 212.234.28.5
    4 213.32.96.239
    2 217.218.247.3
    11 217.232.181.21
    2 24.132.39.38
    1 24.136.103.158
    2 61.133.213.167
    2 65.210.193.5
    1 66.139.132.122

    http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0017.html
     
  3. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Definitely on the rise and currently one of the top ports being scanned. ( InternetStormCenter ) Not seeing a hole lot myself, compared to others.

    I notice about 30% of the entries in my logs have the source port 220 as well.
    I find that interesting, in that this is a service port (imap3). I don't usually see service ports as the source port in scans (one exception being NetBios scans). Will have to wait and see how it plays out.

    Regards,

    CrazyM
     
  4. Peaches4U

    Peaches4U Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    5,070
    Location:
    At my computer
    Give a look at this website which may give you some insight ....

    http://www.simovits.com/nyheter9902.html
     
  5. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    Hmm, I have several here myself (220/tcp > 6129/tcp). Interestingly enough, I'm on a new dynamic address range today following my last reboot. My ISP has a new block of IP addresses in the newer (69.0.*.*) ranges, and I hit a new class C today not used here before. Usually that means you have little chance of inheriting odd traffic (when you pick up the new IP) since few people have used the address before. But in this case, I'm seeing these, too.
     
Loading...
Thread Status:
Not open for further replies.