Blog

63.251.252.12 – Malware remnants from yesteryear or harmless prodding by The Nielsen Company?

Our runner-up title for most dropped packets is bestowed upon 63.251.252.12. So what nefarious activity have we seen? On the surface, the attacks appear fairly benign. However, the deeper we go down the rabbit hole, the more we discover! So what ports are being attacked and how often? Port 35935 was the lowest and 65428 the highest. TCP was the only protocol used and no single port was attacked more than 18 times in the total 2,462 attacks (still in progress). The quest gets more interesting when we look into the backstory of 63.251.252.12. A WHOIS query returns: OrgName: Internap Network Services Corporation OrgId: …


The Master Needler – 80.82.65.66

I’ve been watching the dropped packets for 80.82.65.66 a while now and feel it’s safe to bestow the title of “The Master Needler” upon them. So which ports are they poking the most? Interestingly, the ports attacked were evenly distributed and appear mostly random. The lowest port number attacked was 1000 and the highest was 65506. No single port was attacked more than 26 times. The only protocol used in the attacks was TCP. The full list of ports attacked by 80.82.65.66 is located here: https://pastebin.com/w0uca8q6. As of this writing, I have seen 20,489 unique attacks from 80.82.65.66. No other single IP address found in …
