Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Port 33436 (tcp/udp) Attack Activity - SANS Internet Storm Center


Port Information
Protocol Service Name
Top IPs Scanning
User Comments
Submitted By Date
Comment
Kevin 2011-11-30 03:43:06
Nov 29 14:01:16 phics kernel: AIF:UNPRIV UDP packet: IN=eth0 OUT= SRC=66.35.46.198 DST=x.x.x.x LEN=32 TOS=0x00 PREC=0x20 TTL=2 ID=267 PROTO=UDP SPT=11356 DPT=33436 LEN=12
Occurs twice a day in groups of 4.
Kevin 2011-11-30 03:42:56
I contacted Fortrust, who owns 66.35.46.198, and they indicated that the UDP traffic on port 33436 was harmless. Here is their response: "The device is to ensure that our customers always have outbound internet bandwidth available and the best performance. Your IP address must have been detected and hence the probes. We have a lot of different customers and are mainly ecommerce and search engines. You probably access one of our customers' websites on a daily basis."
2009-04-12 00:04:18
Browsing to Overstock.com, or logging in to Overstock Auctions site, results in a traceroute hit on the firewall from IP: 67.110.107.9 on every visit.
CVE Links
CVE # Description