AmeriCymru


 


From Our Technical Department ( Pass the Sixpack ) - An In Joke

2009-10-17
By: AmeriCymru

Recently we became aware that our network performance was becoming somewhat flaky....constant timeouts and "Ooops that link appears to be broken" messages. Hell of a job to get any work done. I installed Firestarter ( a Linux firewall app ) and checked the logs. Sure enough...suspicious activity appearing to emanate from an ISP in Absecon, New Jersey called Linode.com. Here's an excerpt from the log:

Time:Oct 12 07:50:18 Direction: Unknown In:eth0 Out: Port:40782 Source:72.14.177.229 Destination:192.168.1.2 Length:306 TOS:0x00 Protocol:TCP Service:Unknown
Time:Oct 12 07:50:18 Direction: Unknown In:eth0 Out: Port:40790 Source:72.14.177.229 Destination:192.168.1.2 Length:306 TOS:0x00 Protocol:TCP Service:Unknown
Time:Oct 12 08:03:22 Direction: Unknown In:eth0 Out: Port:43731 Source:72.14.177.229 Destination:192.168.1.2 Length:307 TOS:0x00 Protocol:TCP Service:Unknown
Time:Oct 12 08:04:04 Direction: Unknown In:eth0 Out: Port:57936 Source:72.14.177.229 Destination:192.168.1.2 Length:306 TOS:0x00 Protocol:TCP Service:Unknown
Time:Oct 12 08:13:36 Direction: Unknown In:eth0 Out: Port:57253 Source:72.14.177.229 Destination:192.168.1.2 Length:307 TOS:0x00 Protocol:TCP Service:Unknown
Time:Oct 12 08:14:03 Direction: Unknown In:eth0 Out: Port:59380 Source:72.14.177.229 Destination:192.168.1.2 Length:307 TOS:0x00 Protocol:TCP Service:Unknown
Time:Oct 12 08:14:13 Direction: Unknown In:eth0 Out: Port:59384 Source:72.14.177.229 Destination:192.168.1.2 Length:306 TOS:0x00 Protocol:TCP Service:Unknown
Time:Oct 12 08:14:45 Direction: Unknown In:eth0 Out: Port:59396 Source:72.14.177.229 Destination:192.168.1.2 Length:306 TOS:0x00 Protocol:TCP Service:Unknown
Time:Oct 12 08:17:44 Direction: Unknown In:eth0 Out: Port:57256 Source:72.14.177.229 Destination:192.168.1.2 Length:306 TOS:0x00 Protocol:TCP Service:Unknown
Time:Oct 12 08:18:04 Direction: Unknown In:eth0 Out: Port:43123 Source:72.14.177.229 Destination:192.168.1.2 Length:306 TOS:0x00 Protocol:TCP Service:Unknown
Time:Oct 12 08:19:46 Direction: Unknown In:eth0 Out: Port:57884 Source:72.14.177.229 Destination:192.168.1.2 Length:307 TOS:0x00 Protocol:TCP Service:Unknown
Time:Oct 12 08:21:01 Direction: Unknown In:eth0 Out: Port:54621 Source:72.14.177.229 Destination:192.168.1.2 Length:307 TOS:0x00 Protocol:TCP Service:Unknown
Time:Oct 12 08:24:02 Direction: Unknown In:eth0 Out: Port:54657 Source:72.14.177.229 Destination:192.168.1.2 Length:306 TOS:0x00 Protocol:TCP Service:Unknown
Time:Oct 12 08:25:56 Direction: Unknown In:eth0 Out: Port:54658 Source:72.14.177.229 Destination:192.168.1.2 Length:306 TOS:0x00 Protocol:TCP Service:Unknown
Time:Oct 12 08:27:08 Direction: Unknown In:eth0 Out: Port:57888 Source:72.14.177.229 Destination:192.168.1.2 Length:306 TOS:0x00 Protocol:TCP Service:Unknown
Time:Oct 12 08:28:11 Direction: Unknown In:eth0 Out: Port:55010 Source:72.14.177.229 Destination:192.168.1.2 Length:306 TOS:0x00 Protocol:TCP Service:Unknown
Time:Oct 12 08:29:11 Direction: Unknown In:eth0 Out: Port:55023 Source:72.14.177.229 Destination:192.168.1.2 Length:307 TOS:0x00 Protocol:TCP Service:Unknown
Time:Oct 12 08:41:22 Direction: Unknown In:eth0 Out: Port:56699 Source:72.14.177.229 Destination:192.168.1.2 Length:306 TOS:0x00 Protocol:TCP Service:Unknown
Time:Oct 12 08:47:15 Direction: Unknown In:eth0 Out: Port:55300 Source:72.14.177.229 Destination:192.168.1.2 Length:306 TOS:0x00 Protocol:TCP Service:Unknown

Constant and intermittent connection requests on random ports in the 30 - 60,000 range. Highly suspicious! What could it be...an inept portscan, a bungled DoS attack? In an effort to find the truth I installed Wireshark, a packet sniffer, and spent several hours scratching a hole in my head trying to establish a pattern in all this random activity. I had already contacted the ISP and informed them that if they didn't take action I was going to refer the whole matter to our legal department ( a.k.a. Gaabriel ). Just as I was about to start emailing law enforcement it struck me I should try one last thing. I googled ' ning linode ' . Turns out that the Ning chat server ( or one of them anyway ) is hosted on Linode.com. Please don't tell anyone that I was on the verge of calling the FBI to shop the Ning chat server. I am going into the corner of the room now to cringe with embarrassment.

This is what happens to people who stare too long at logfiles.
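
An added example, not part of the original post: a small Python triage of the Firestarter excerpt that groups blocked hits by source and looks at which ports were touched before anything gets escalated. It assumes the Port field is the destination port and takes 32768 as the start of the Linux ephemeral range; the function names are made up for the illustration.

```python
import re
from collections import defaultdict

# Field layout as it appears in the Firestarter excerpt in the post.
ENTRY = re.compile(
    r"Time:(?P<time>\w{3} +\d+ \d\d:\d\d:\d\d) .*?Port:(?P<port>\d+) "
    r"Source:(?P<src>\S+) Destination:(?P<dst>\S+) .*?Protocol:(?P<proto>\w+)"
)
EPHEMERAL_START = 32768  # assumption: Linux default local port range start

# Five entries copied from the post's excerpt, run together as the page shows them.
SAMPLE = (
    "Time:Oct 12 07:50:18 Direction: Unknown In:eth0 Out: Port:40782 Source:72.14.177.229 Destination:192.168.1.2 Length:306 TOS:0x00 Protocol:TCP Service:Unknown"
    "Time:Oct 12 07:50:18 Direction: Unknown In:eth0 Out: Port:40790 Source:72.14.177.229 Destination:192.168.1.2 Length:306 TOS:0x00 Protocol:TCP Service:Unknown"
    "Time:Oct 12 08:03:22 Direction: Unknown In:eth0 Out: Port:43731 Source:72.14.177.229 Destination:192.168.1.2 Length:307 TOS:0x00 Protocol:TCP Service:Unknown"
    "Time:Oct 12 08:04:04 Direction: Unknown In:eth0 Out: Port:57936 Source:72.14.177.229 Destination:192.168.1.2 Length:306 TOS:0x00 Protocol:TCP Service:Unknown"
    "Time:Oct 12 08:13:36 Direction: Unknown In:eth0 Out: Port:57253 Source:72.14.177.229 Destination:192.168.1.2 \nLength:307 TOS:0x00 Protocol:TCP Service:Unknown"
)

def summarize(text):
    """Group entries by source; tolerates entries run together or split across lines."""
    by_src = defaultdict(list)
    for m in ENTRY.finditer(" ".join(text.split())):
        by_src[m["src"]].append((m["time"], int(m["port"])))
    report = {}
    for src, hits in by_src.items():
        ports = sorted({p for _, p in hits})
        report[src] = {
            "hits": len(hits),
            "distinct_ports": len(ports),
            "low_ports": [p for p in ports if p < 1024],
            "all_ephemeral": all(p >= EPHEMERAL_START for p in ports),
            "first": hits[0][0],
            "last": hits[-1][0],
        }
    return report

def triage(stats):
    """Heuristic only: a sweep usually touches service ports, not just high ones."""
    if stats["low_ports"]:
        return "service ports probed: investigate"
    if stats["all_ephemeral"]:
        return "ephemeral ports only: consistent with late replies to our own outbound connections; identify the source first"
    return "mixed high ports: inconclusive"

if __name__ == "__main__":
    for src, stats in summarize(SAMPLE).items():
        print(src, stats, "->", triage(stats))
```
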