Port scans. What are these?

Port scans. What are these?: Posted by kmtanner@cyberspace.org on October 18th, 2005; Hi people. I get constant & regular port scans from these IP
addresses:

61.137.117.208
61.233.40.205
61.237.29.102
61.237.3.70
61.235.144.86

Severity: Minor
Direction: Incoming
Protocol: UDP

ARIN and RIPE whois servers don't give any information about any
of these addresses. It kinda bugs me because they're constant
scans. Probably caused by some application I've installed (like
automatic update check or...)

Could anyone enlighten me? Thanks in advance.; Posted by Anders on October 18th, 2005; kmtanner@cyberspace.org wrote:
It looks like it is China messenger spam to me, are they using udp on
port 1026,1027 it probable is.

61.137.117.208
61.137.0.0 - 61.137.127.255
netname: CHINANET-HN
country: CN
descr: CHINANET Hunan province network
descr: China Telecom

61.233.40.205
61.233.40.0 - 61.233.40.255
netname: CRHbYqS
country: CN
descr: China Railcom Hebei Yangquan Subbranch
descr: Telecommunication

61.237.29.102
61.232.0.0 - 61.237.255.255
netname: CRTC
country: CN
descr: CHINA RAILWAY TELECOMMUNICATIONS CENTER
admin-c: LQ112-AP
tech-c: LM273-AP
status: ALLOCATED PORTABLE

61.237.3.70
61.232.0.0 - 61.237.255.255
netname: CRTC
country: CN
descr: CHINA RAILWAY TELECOMMUNICATIONS CENTER
admin-c: LQ112-AP
tech-c: LM273-AP
status: ALLOCATED PORTABLE

61.235.144.86
61.232.0.0 - 61.237.255.255
netname: CRTC
country: CN
descr: CHINA RAILWAY TELECOMMUNICATIONS CENTER
admin-c: LQ112-AP
tech-c: LM273-AP
status: ALLOCATED PORTABLE; Posted by kmtanner@cyberspace.org on October 18th, 2005; Anders wrote:
This is the information I got:

=============insert
Somebody is scanning your computer.
Your computer's UDP ports:
1028, 1029, 1030, and 4081 have been scanned from 61.137.117.208..
=============outsert

Thanks a lot for your help.; Posted by kmtanner@cyberspace.org on October 18th, 2005; Oh btw Anders: What service did you use to get the information? RIPE
doesn't
work well for me...; Posted by Hairy One Kenobi on October 19th, 2005; <kmtanner@cyberspace.org> wrote in message
news:1129661128.694549.302160@g14g2000cwa.googlegr oups.com...
There are more than two rings in the Olympic symbol (hint!)

Google for APNIC, then either follow that up with a more general registrar
search, or download the appropriate software.

I cook my own, but many are available. codecutters.org. YMMV, I don't
exactly stay up nights doing wonderful and interesting things with
interfaces (Erm.. /software/ interfaces, that is. Cough! )

--

Hairy One Kenobi

Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!; Posted by Anders on October 19th, 2005; kmtanner@cyberspace.org wrote:
"Network Tools" a nice little tool in Linux useing whois.net

Anders; Posted by ROBERT S AMP BA Drake on October 23rd, 2005; This one works very well to find out the origin of the IP:

http://www.samspade.org/

"Anders" <andersajja@hotmail.com> wrote in message
news:qPl5f.148613$dP1.506539@newsc.telia.net...

Similar Posts

Re: Port scans from China anyone else? (Computers & Technology) by ellis_jay
Re: Port scans from China anyone else? (Computers & Technology) by Whiskers
Re: Port scans from China anyone else? (Computers & Technology) by Andrew
Re: Port scans from China anyone else? (Computers & Technology) by Plato
Sick of port scans (Computers & Technology) by James Drake