I notice extensive portscanning/vulnerability searching from IP address 44.26.108.60 It has reverse katagiri.desu.ne.jp which also matches with its forward. (kind of strange, as it is no ampr.org name and .jp has 44.129.0.0/16)
Does anyone have an idea what is going on here?
Rob
Rob,
This IP is announced by UCSD and HamWAN (Washington State, USA)...
Using traceroute, the traffic enters HamWAN, and appears to EXIT HamWAN for Qwest Communications via 184.100.162.120.
The very next hop is the 44 IP in question.
Looking at the DNS, 108.26.44.IN-ADDR.ARPA is delegated to the following nameservers:
108.26.44.in-addr.arpa. 3600 ns1.he.net. 108.26.44.in-addr.arpa. 3600 ns2.he.net.
What ports are they probing?
- Lynwood KB3VWG
Hi,
I responded in private to an email sent to me directly. I was doing a default nmap of the 44/8 address space just out of curiosity. I terminated the scan when I found out it was causing concern.
Thanks, Simon KI7KOC
-
lleachii@aol.com -
Rob Janssen -
Simon McFarlane