The Master Needler –

I’ve been watching the dropped packets for awhile now and feel it’s safe to bestow the title of “The Master Needler” upon them.

So which ports are they poking the most?  Interestingly, the ports attacked were evenly distributed and appear mostly random. The lowest port number attacked was 1000 and the highest was 65506. No single port was attacked more than 26 times. The only protocol used in the attacked was TCP.

The full list of ports attacked by is located here:

As of this writing, I have seen 20,489 unique attacks from No other single IP address found in my syslog comes close to this amount. So who is operating the attack server

A RIPE database query for the subnet yields the following result:

org-name: Quasi Networks LTD.
org-type: OTHER
address: Suite 1, Second Floor
address: Sound & Vision House, Francis Rachel Street
address: Victoria, Mahe, SEYCHELLES
remarks: *****************************************************************************
remarks: *****************************************************************************
remarks: We are a high bandwidth network provider offering bandwidth solutions.
remarks: Government agencies can sent their requests to
remarks: Please only use for abuse reports.
remarks: For all other requests, please see the details on our website.
remarks: *****************************************************************************

Performing a  WHOIS lookup shows a PTR record going to a CNAME for This is a bit odd and likely is a fake/fraudulent PTR record since there is no actual relation to the DNS name.

So when will the attacks stop?  I have not heard back from Quasi Networks yet.

It appears I’m not alone however, others are reporting similar attacks from

AbuseIPDB » was reported 67 times

Time Warner Cable customer reporting a SYN flood attack from

Cymon reports is found in blacklists and noted malicious activities.

1 thought on “The Master Needler –”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.