Count  Source IP        Resolved Domain Name                           Destination Ports and Commentary
3977   192.55.91.23     ttpweb.grc.nasa.gov                            6989 Interrupted Quicktime streams
3973   204.1.226.228    shieldsup.grc.com                              Deliberate firewall scans
2730   61.235.154.92    CHINA RAILWAY TELECOMMUNICATIONS CENTER        1026 1027 MS Messenger popups
1739   222.88.173.5     CHINANET henan province network                1026
567    61.172.249.200   Beijing Waei Software Development              1026+
520    61.152.158.109   Shanghai Global Network Co., Ltd.              1026+
492    69.119.120.80    ool-45777850.dyn.optonline.net                 1025 MS RPC service
489    61.152.158.123   Shanghai Global Network Co., Ltd.              1026+
457    69.119.193.167   ool-4577c1a7.dyn.optonline.net                 myriad ports
369    222.208.168.126  meishan telecom idc meishan, Sichuan PR China  1026 1027
359    61.235.154.101   CHINA RAILWAY TELECOMMUNICATIONS CENTER        1026 1027
354    61.235.154.102   CHINA RAILWAY TELECOMMUNICATIONS CENTER        1026 1027
323    164.109.152.173  staging-admin-1.wellcheck.com                  62500+/-
322    198.22.124.62    Best Buy Co., Inc.                             22438
308    69.119.194.32    ool-4577c220.dyn.optonline.net                 1433 MS SQL Server: Slammer worm

Figure 1: The top-15 sites sending unsolicited packets to my IP address in early 2005. Remember that spoofing a packet's source address to refer to an innocent bystander takes little skill, so you cannot assume the actual senders appear here. The top two entries result from my actions. The others? Well, that's why you need a firewall!
