2 Aug
2017
2 Aug
'17
3:36 p.m.
I notice extensive portscanning/vulnerability searching from IP address 44.26.108.60
It has reverse katagiri.desu.ne.jp which also matches with its forward.
(kind of strange, as it is no ampr.org name and .jp has 44.129.0.0/16)
Does anyone have an idea what is going on here?
Rob
3 Aug
3 Aug
4:30 p.m.
Rob,
This IP is announced by UCSD and HamWAN (Washington State, USA)...
Using traceroute, the traffic enters HamWAN, and appears to EXIT HamWAN
for Qwest Communications via 184.100.162.120.
The very next hop is the 44 IP in question.
Looking at the DNS, 108.26.44.IN-ADDR.ARPA is delegated to the following
nameservers:
108.26.44.in-addr.arpa. 3600 ns1.he.net.
108.26.44.in-addr.arpa. 3600 ns2.he.net.
What ports are they probing?
- Lynwood
KB3VWG
4:36 p.m.
Hi,
I responded in private to an email sent to me directly. I was doing a
default nmap of the 44/8 address space just out of curiosity. I
terminated the scan when I found out it was causing concern.
Thanks,
Simon
KI7KOC
2479
days inactive
2480
days old
2 comments
3 participants
participants (3)
-
lleachii@aol.com -
Rob Janssen -
Simon McFarlane