Brian,
I've quickly browsed 24 hours of flows for the ports you noted. I found
3 hits for my DNS:
2 from:
2017-05-05 13:58:49.468 10.768 TCP 44.60.44.3:53 -> 123.113.190.94:16689 2 88 1
2017-05-05 13:58:49.468 10.768 TCP 123.113.190.94:16689 -> 44.60.44.3:53 3 128 1
and 1 from:
2017-05-05 14:03:24.727 0.260 UDP 44.60.44.3:53192 -> 192.109.42.4:53 1 78 1
2017-05-05 14:03:24.727 0.260 UDP 192.109.42.4:53 -> 44.60.44.3:53192 1 94 1
but this is interesting:
2017-05-05 14:10:16.333 0.000 TCP 123.113.190.94:16883 -> 44.60.44.2:80 1 40 1
2017-05-05 14:10:16.335 0.000 TCP 123.113.190.94:16883 -> 44.60.44.11:80 1 40 1
2017-05-05 14:10:16.336 0.000 TCP 123.113.190.94:16883 -> 44.60.44.3:80 1 40 1
2017-05-05 14:10:16.337 0.000 TCP 123.113.190.94:16883 -> 44.60.44.13:80 1 40 1
2017-05-05 14:10:16.337 0.000 TCP 123.113.190.94:16883 -> 44.60.44.6:80 1 40 1
2017-05-05 14:10:16.337 0.000 TCP 123.113.190.94:16883 -> 44.60.44.14:80 1 40 1
2017-05-05 14:10:16.338 0.000 TCP 123.113.190.94:16883 -> 44.60.44.12:80 1 40 1
2017-05-05 14:10:16.353 0.000 TCP 123.113.190.94:16883 -> 44.60.44.129:80 1 40 1
2017-05-05 14:10:16.354 0.000 TCP 123.113.190.94:16883 -> 44.60.44.130:80 1 40 1
2017-05-05 14:10:16.355 0.000 TCP 123.113.190.94:16883 -> 44.60.44.134:80 1 40 1
2017-05-05 14:10:16.357 0.000 TCP 123.113.190.94:16883 -> 44.60.44.132:80 1 40 1
2017-05-05 14:10:16.358 0.000 TCP 123.113.190.94:16883 -> 44.60.44.135:80 1 40 1
2017-05-05 14:10:16.358 0.000 TCP 123.113.190.94:16883 -> 44.60.44.1:80 1 40 1
2017-05-05 12:31:27.950 0.000 TCP 123.113.190.94:9379 -> 44.60.44.7:31 1 40 1
2017-05-05 12:31:27.950 0.000 TCP 123.113.190.94:9379 -> 44.60.44.11:31 1 40 1
2017-05-05 12:31:27.950 0.000 TCP 123.113.190.94:9379 -> 44.60.44.10:31 1 40 1
2017-05-05 12:31:27.951 0.000 TCP 123.113.190.94:9379 -> 44.60.44.2:31 1 40 1
2017-05-05 12:31:27.952 0.000 TCP 123.113.190.94:9379 -> 44.60.44.3:31 1 40 1
2017-05-05 12:31:27.953 0.000 TCP 123.113.190.94:9379 -> 44.60.44.14:31 1 40 1
2017-05-05 12:31:27.954 0.000 TCP 123.113.190.94:9379 -> 44.60.44.13:31 1 40 1
2017-05-05 12:31:27.975 0.000 TCP 123.113.190.94:9379 -> 44.60.44.1:31 1 40 1
2017-05-05 12:31:27.978 0.000 TCP 123.113.190.94:9379 -> 44.60.44.130:31 1 40 1
2017-05-05 12:31:27.979 0.000 TCP 123.113.190.94:9379 -> 44.60.44.131:31 1 40 1
2017-05-05 12:31:27.979 0.000 TCP 123.113.190.94:9379 -> 44.60.44.134:31 1 40 1
2017-05-05 12:31:27.981 0.000 TCP 123.113.190.94:9379 -> 44.60.44.133:31 1 40 1
2017-05-05 12:31:27.981 0.000 TCP 123.113.190.94:9379 -> 44.60.44.132:31 1 40 1
2017-05-05 12:31:27.999 0.000 TCP 123.113.190.94:9379 -> 44.60.44.129:31 1 40 1
2017-05-05 12:31:28.034 0.000 TCP 123.113.190.94:9379 -> 44.60.44.128:31 1 40 1
2017-05-05 12:31:28.035 0.000 TCP 123.113.190.94:9379 -> 44.60.44.135:31 1 40 1
<snip>...there's much more...and 31 is an uncommon port these days for
legitimate use...
inetnum: 123.112.0.0 - 123.127.255.255
netname: UNICOM-BJ
descr: China Unicom Beijing province network
descr: China Unicom
country: CN
- Lynwood
KB3VWG
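
Added example, not part of the original message: a small Python filter that picks the sweep pattern shown above (one source, single-packet TCP flows, many destinations on the same port) out of flow text in the same column layout. The sample addresses are constructed from documentation ranges, and the names parse_flows, find_sweeps and both thresholds are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample (documentation addresses) in the column layout used above:
# date time duration proto src:port -> dst:port packets bytes flows
SAMPLE = """\
2017-05-05 14:03:24.727 0.260 UDP 198.51.100.7:53192 -> 192.0.2.53:53 1 78 1
2017-05-05 14:03:24.727 0.260 UDP 192.0.2.53:53 -> 198.51.100.7:53192 1 94 1
2017-05-05 14:09:02.100 4.212 TCP 198.51.100.7:40112 -> 192.0.2.2:80 12 1840 1
2017-05-05 14:10:16.333 0.000 TCP 203.0.113.9:16883 -> 192.0.2.2:80 1 40 1
2017-05-05 14:10:16.335 0.000 TCP 203.0.113.9:16883 -> 192.0.2.11:80 1 40 1
2017-05-05 14:10:16.336 0.000 TCP 203.0.113.9:16883 -> 192.0.2.3:80 1 40 1
2017-05-05 14:10:16.337 0.000 TCP 203.0.113.9:16883 -> 192.0.2.13:80 1 40 1
2017-05-05 14:10:16.337 0.000 TCP 203.0.113.9:16883 -> 192.0.2.6:80 1 40 1
2017-05-05 14:10:16.338 0.000 TCP 203.0.113.9:16883 -> 192.0.2.12:80 1 40 1
"""

FLOW_RE = re.compile(
    r"^(?P<ts>\S+ \S+)\s+(?P<dur>[\d.]+)\s+(?P<proto>\w+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"(?P<pkts>\d+)\s+(?P<bytes>\d+)\s+(?P<flows>\d+)$"
)

def parse_flows(text):
    """Yield one dict per well-formed IPv4 flow line; skip anything else."""
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            for key in ("sport", "dport", "pkts", "bytes"):
                rec[key] = int(rec[key])
            yield rec

def find_sweeps(flows, min_targets=5, max_probe_bytes=60):
    """Map (src, dport) -> sorted targets for single-packet TCP fan-out.

    A one-packet flow of <= max_probe_bytes has essentially no payload
    (40 bytes is an IPv4 + TCP header without options); both thresholds
    are assumptions to tune per network.
    """
    targets = defaultdict(set)
    for f in flows:
        if f["proto"] == "TCP" and f["pkts"] == 1 and f["bytes"] <= max_probe_bytes:
            targets[(f["src"], f["dport"])].add(f["dst"])
    return {k: sorted(v) for k, v in targets.items() if len(v) >= min_targets}

if __name__ == "__main__":
    for (src, dport), dsts in find_sweeps(parse_flows(SAMPLE)).items():
        print(f"{src} probed {len(dsts)} hosts on port {dport}")
```

Each flow record must be on a single line for the parser to match it.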