Port 6057 getting hammered

Discussion in 'other firewalls' started by dangitall, Apr 3, 2004.

Thread Status:
Not open for further replies.
  1. dangitall

    dangitall Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    430
    Location:
    New Hamster, USA
    Something that appears to have started recently: my port 6057 is getting constant hits from 66.90.79.74. SmartWhoIs tells me that this address belongs to someone/-thing called FDCServers.net LLC in Chicago. ZoneAlarm is blocking these hits, but I'd like to know if anyone has any info regarding this phenomenon.

    Thanks!
     

    Attached Files:

  2. Shockem

    Shockem Guest

    66.90.64.0 - 66.90.127.255
    FDCservers.net LLC
    141 West Jackson Blvd, Suite 1135
    US


    66.90.79.64 - 66.90.79.95
    FDCservers.net LLC FDCSERVERSNET (NET-66-90-64-80-1) 66.90.64.80 - 66.90.64.87
    FDCservers.net LLC FDCSERVERSNET (NET-66-90-66-128-1) 66.90.66.128 - 66.90.66.159
    FDCservers.net LLC FDCSERVERSNET (NET-66-90-64-56-1) 66.90.64.56 - 66.90.64.63
    FDCservers.net LLC FDCSERVERSNET (NET-66-90-87-0-1) 66.90.87.0 - 66.90.87.15
    FDCservers.net LLC FDCSERVERSNET (NET-66-90-68-0-1) 66.90.68.0 - 66.90.68.63
    FDCservers.net LLC FDCSERVERSNET (NET-66-90-70-224-1) 66.90.70.224 - 66.90.70.255
    FDCservers.net LLC FDCSERVERSNET (NET-66-90-71-192-1) 66.90.71.192 - 66.90.71.255
    FDCservers.net LLC FDCSERVERSNET (NET-66-90-82-96-1) 66.90.82.96 - 66.90.82.127
    FDCservers.net LLC FDCSERVERSNET (NET-66-90-81-64-1) 66.90.81.64 - 66.90.81.127
    FDCservers.net LLC FDCSERVERSNET (NET-66-90-81-0-1) 66.90.81.0 - 66.90.81.63
    FDCservers.net LLC FDCSERVERSNET (NET-66-90-79-64-1) 66.90.79.64 - 66.90.79.95
    FDCservers.net LLC FDCSERVERSNET (NET-66-90-75-64-1) 66.90.75.64 - 66.90.75.127
    FDCservers.net LLC FDCSERVERSNET (NET-66-90-86-8-1) 66.90.86.8 - 66.90.86.15
    FDCservers.net LLC FDCSERVERSNET (NET-66-90-79-96-1) 66.90.79.96 - 66.90.79.127
    FDCserversNET FDCSERVERSNET (NET-66-90-65-216-1) 66.90.65.216 - 66.90.65.223
    FDCserversNET FDCSERVERSNET (NET-66-90-79-192-1) 66.90.79.192 - 66.90.79.207
    FDCserversNET FDCSERVERSNET (NET-66-90-78-208-1) 66.90.78.208 - 66.90.78.223
    FDCserversNET FDCSERVERSNET (NET-66-90-79-144-1) 66.90.79.144 - 66.90.79.159
    FDCserversNET FDCSERVERSNET (NET-66-90-73-0-1) 66.90.73.0 - 66.90.73.255
    FDCserversnet FDCSERVERSNET (NET-66-90-65-208-1) 66.90.65.208 - 66.90.65.215
    FDCserversNET FDCSERVERSNET (NET-66-90-78-0-1) 66.90.78.0 - 66.90.78.15
    FDCserversnet FDCSERVERSNET (NET-66-90-65-208-1) 66.90.65.208 - 66.90.65.215
    FDCserversNET FDCSERVERSNET (NET-66-90-78-0-1) 66.90.78.0 - 66.90.78.15
    FDCserversNET FDCSERVERSNET (NET-66-90-65-216-1) 66.90.65.216 - 66.90.65.223
    FDCserversNET FDCSERVERSNET (NET-66-90-79-192-1) 66.90.79.192 - 66.90.79.207
    FDCserversNET FDCSERVERSNET (NET-66-90-78-208-1) 66.90.78.208 - 66.90.78.223
    FDCserversNET FDCSERVERSNET (NET-66-90-79-144-1) 66.90.79.144 - 66.90.79.159
    FDCserversNET FDCSERVERSNET (NET-66-90-73-0-1) 66.90.73.0 - 66.90.73.255
     
  3. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Port 6057 = X11 - X Window System

    CustName: FDCservers.net LLC
    Address: 141 w jackson blvd #1135
    City: Chicago
    StateProv: IL
    PostalCode: 60604
    Country: US
    RegDate: 2003-11-12
    Updated: 2003-11-12

    NetRange: 66.90.79.64 - 66.90.79.95
    CIDR: 66.90.79.64/27
    NetName: FDCSERVERSNET
    NetHandle: NET-66-90-79-64-1
    Parent: NET-66-90-64-0-1
    NetType: Reassigned
    Comment:
    RegDate: 2003-11-12
    Updated: 2003-11-12

    OrgAbuseHandle: ABUSE438-ARIN
    OrgAbuseName: ABUSE department
    OrgAbusePhone: +1-312-913-9304
    OrgAbuseEmail: abuse@fdcservers.net

    OrgNOCHandle: NOC1402-ARIN
    OrgNOCName: Network Operations Center
    OrgNOCPhone: +1-312-913-9304
    OrgNOCEmail: support@fdcservers.net

    OrgTechHandle: PKR5-ARIN
    OrgTechName: Kral, Petr
    OrgTechPhone: +1-312-933-1046
    OrgTechEmail: petr@fdcservers.net

    # ARIN WHOIS database, last updated 2004-04-02 19:15
    # Enter ? for additional hints on searching ARIN's WHOIS database.

    My automatic whois in Port Explorer gives me this, so you know where to complain.
    You can do more blocking with the ZAPro like excluding that IP range from reaching your system at all or adding some expert rules (the experts in this forum can help you with that -- that's what it are expert rules for!)
    Get a (free) evaluation of Port Explorer at the www.diamondcs.com.au site and spy in the connections, block and/or kill them, at least you can do something and see what they are trying to bomb you with and if it could be related to anything on your system (most probably not, but with that you know for sure!)
     
  4. dangitall

    dangitall Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    430
    Location:
    New Hamster, USA
    Thanks, Shockem and Jooske. The free version of ZA, which is what I'm currently running, was blocking all of the hits, so I don't expect that anything untoward occurred.

    I will, however, be contacting the source to see if they can offer any info - just to settle my own curiosity.
     
  5. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Yes, think it's good to contact them, and i would try the Port Explorer to detect in the blink of an eye if anything on your system would be connected to the problem, anything listening on that port, some application you're not aware off, whatever it could be.
    Your ZA log should convince them already, while PE gives you some tools in hands to detect and do some more.
    If this doesn't solve enough you might like to post a Hijackthis log in the HJT forum for the experts to look for you.
     
  6. dangitall

    dangitall Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    430
    Location:
    New Hamster, USA
    Thank you, Jooske - I'll keep PortExplorer in mind, and I'll post back with any response I receive from FDCServers. If I start noticing problems that I can't trace and repair myself, I know where to place a HijackThis log.

    Thanks again. :)
     
Loading...
Thread Status:
Not open for further replies.