just observed a sweep from IP 66.186.59.50, "ircu.krypt.com", looking into port 1137. a bit of news suggests this is a vulnerability search. the signal is coming from an IRC line, port 6667. they must be looking at IRC logs and sweeping those addresses, since i've actually been on IRC in the last couple of weeks (and last night).
another thing, i also saw (for the first time) some nonreciprocated requests for port 34268 while skype was turned off. looking for a relay? i scanned the source and it doesn't actually seem to be a skype host, though maybe i waited too long, after they had turned it off. instead, they actually had unfiltered, closed ports 5800/5900, which are used for remote desktop viewing. also, no clue as to the OS, so i don't know what it actually is. another user? something else? it's another comcast host, presumably another user, but who knows?
i'll check it out again later.
No comments:
Post a Comment